PerlSoft Guestbook v1.7b Bruteforcer + RCE!

Vulnerability ID 1052231 Vulnerability type
Published 2009-01-30 Updated 2009-01-30
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2009010085
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
Type: Bruter & RCE
Name: PerlSoft GB Pwner
Affected Software: PerlSoft Gästebuch
Version: 1.7b
Coder/Bugfounder: Perforin 
 
 
------> the RCE is possible only once, do not waste your command!
 
STEP1: Use my script to bruteforce the admin login from the guestbook.
STEP2: If we gain access, you can decide to get in the ACP with the login OR to use the RCE!
STEP3: Deface or root the server ;)
 
------> Info about the Exploit
 
Unfortunately, the RCE is possible only once and only after gaining access to the admin center... so choose a useful command. (I tried to make an RFI out of it but the results were shitty because most web servers are secured against including PHP files from other web servers.)
The RCE is possible due to a security hole when you change the username. The script doesn't check the input, so we can manipulate the script. =)
 
-----> The Exploit Code
 
Get it here:
http://virii.lu/Perl-Scripts/GB_Pwner.txt
 
-----> Visit & Greetings
 
Visit my Blog virii.lu and of course vxnet!
Greetings to all vxers out there.
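
The advisory attributes the command execution to the username-change form not checking its input. As an added example (not code from PerlSoft Guestbook or from the exploit author; the function names, the key=value storage format and the sample inputs are assumptions), a handler can allow-list the new username and persist it strictly as data:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list for an admin "change username" form:
# 3-32 characters, first one alphanumeric, then letters, digits, "_", "." or "-".
# \A and \z anchor the whole string; "$" would also accept a trailing newline.
sub valid_username {
    my ($name) = @_;
    return (defined($name) && $name =~ /\A[A-Za-z0-9][A-Za-z0-9_.-]{2,31}\z/) ? 1 : 0;
}

# Persist the value as plain data (key=value). It is never written into a file
# that is later require'd or eval'd, and it is never handed to a shell.
sub save_username {
    my ($path, $name) = @_;
    die "rejected username\n" unless valid_username($name);
    my $tmp = "$path.tmp.$$";
    open(my $fh, '>', $tmp) or die "open $tmp: $!\n";
    print {$fh} "admin_user=$name\n";
    close($fh) or die "close $tmp: $!\n";
    rename($tmp, $path) or die "rename $tmp: $!\n";   # atomic replace
    return 1;
}

# Constructed sample inputs: two ordinary names, then values carrying
# characters that have meaning to a shell, to Perl source or to a file path.
my @samples = (
    'admin',
    'new.admin-01',
    'ab',              # too short
    "admin\n",         # trailing newline
    'admin;id',
    'admin`id`',
    '$(id)',
    'admin"quote',
    '../settings',
);

for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;
    printf "%-16s %s\n", $shown, valid_username($s) ? 'accept' : 'reject';
}
```

Only the first two samples are accepted; every other value is rejected before it can reach storage.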