iamroot.com:/# echo '
> # profile
> http://www.linkedin.com/in/robertgilbert808
>
> # recent bugs
> CVE-2014-4980
> Parameter Tampering in Nessus Web UI - Remote Information Disclosure
> OSVDB | July 17, 2014
>
> CVE-2013-3734
> JBoss AS Administration Console - Password Returned in Later Response
> Security Focus | June 4, 2013
>
> CVE-2012-6493
> Nexpose Security Console CSRF Vulnerability
> The Exploit Database (EDB) | January 2, 2013
>
> CVE-2012-6494
> Nexpose Security Console - Session Hijacking
> Security Focus | January 2, 2013
>
> CVE-2012-6342
> Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
> Security Focus | September 19, 2012
>
> CVE-2011-5251
> vBulletin - Multiple Open Redirects
> National Vulnerability Database | December 31, 2012
> Reference: http://www.securityfocus.com/bid/57118/info
>
> CVE-2013-1402
> DigiLIBE Management Console | Execution After Redirect (EAR) Vulnerability
> Security Focus - January 18, 2013
> Reference: http://www.securityfocus.com/bid/57499/
>
> # code
> pillage.lua
> pillage's only job is to pillage web applications for forms
>
> seep.pl
> a simple perl script that emails payloads to large numbers of SE recipients.
'> ./index.htm
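#!/usr/bin/lua
-- credit, notes, and release information at bottom of script.
-- stay clean --
local socket = require("socket") -- this is only for sleep :|
local io = require("io")
local ltn12 = require("ltn12")
local curl = require("curl")
local par_url = require("socket.url") -- this is only to parse urls :|

-- Resolve the script's own directory from arg[0] so the sibling modules below
-- can be required no matter which working directory the script is run from.
local work_dir = string.match(arg[0],[[^@?(.*[\/])[^\/]-$]])
if (work_dir == nil) then work_dir = "." end
package.path = work_dir .. "?.lua;" .. work_dir .. "lib/?.lua;" .. package.path
require ("getopt_alt")
require ("string_fun")

--- Fetch a URL with libcurl and return the response body as a single string.
-- Cookies are read from and written back to the file named by the global
-- `cookiejar`, so a session established by an earlier request is reused.
-- Redirects are followed, at most 10 deep. Also reads the globals `verbose`
-- and `agent99`; presumably these are set by option parsing elsewhere in this
-- script (not visible here).
-- @tparam string cur_url URL to fetch
-- @param red not used by this function (kept so existing calls keep working)
-- @return string response body on success, or the number 0 when curl reported
--   an error (the error is also printed to stdout)
function getum(cur_url,red)
  -- curl's own verbose output is only wanted at the highest verbosity level
  local verbosie
  if verbose >= 3 then verbosie=1 else verbosie=0 end
  local head_text = {}
  local body_text = {}
  -- libcurl write callbacks must return the number of bytes they consumed
  local function WriteMemoryCallbackH(s)
    head_text[#head_text+1] = s
    return string.len(s)
  end
  local function WriteMemoryCallbackB(s)
    body_text[#body_text+1] = s
    return string.len(s)
  end
  local c = curl.easy_init()
  c:setopt(curl.OPT_COOKIEJAR, cookiejar)
  c:setopt(curl.OPT_COOKIEFILE, cookiejar) -- cookies from previous session if exist
  c:setopt(curl.OPT_VERBOSE, verbosie)
  c:setopt(curl.OPT_URL,cur_url)
  c:setopt(curl.OPT_FOLLOWLOCATION,1)
  --c:setopt(curl.OPT_HEADERFUNCTION,WriteMemoryCallbackH)
  c:setopt(curl.OPT_WRITEFUNCTION, WriteMemoryCallbackB)
  c:setopt(curl.OPT_USERAGENT, agent99)
  c:setopt(curl.OPT_MAXREDIRS,10) --max 10 to stop redirect loops
  c:setopt(curl.OPT_AUTOREFERER,1)
  -- SECURITY NOTE: certificate verification is disabled below, so the session
  -- cookies persisted in `cookiejar` and everything the server returns can be
  -- read or altered by anyone able to interpose on the connection. Restore
  -- verification by setting OPT_SSL_VERIFYPEER to 1 and OPT_SSL_VERIFYHOST to 2
  -- whenever the target's certificate can be trusted.
  c:setopt(curl.OPT_SSL_VERIFYHOST,0) --don't care about your certs
  c:setopt(curl.OPT_SSL_VERIFYPEER,0)
  -- `code` and `h_err` used to leak out as accidental globals; keep them local
  local code,h_err=c:perform()
  if curl.close then c:close() end
  if h_err then
    print("Error getting: ".. h_err .. "\n")
    return 0
  end
  --print(table.concat(head_text,'')) -- see header note above
  return table.concat(body_text,'')
end

function fform(linkf) for forms in string.gmatch(page, "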