######################################################## # # Exploit Title : Php Enter Php Code Injection # # Author : IrIsT.Ir & Sec4Ever.com # # Discovered By : L3b-r1'z # # Home : http://IrIsT.Ir & http://Sec4Ever.com # # P Blob : http://L3b-r1z.com/ # # Software Link : http://www.phpenter.net/ # # Security Risk : High # # Version : beta # # Tested on : win\XP # # Dork : allintext: "Powered by phpEnter.net" # # 1) Info Script # 2) Info Vulnerability # 3) P0c # ######################################################## # # 1) Info Script: # # PHP Enter is a free and Open Source PHP News Publishing script. # It is an online news publishing system that features easy installation, user submission. # and an admin panel for adding, editing and removing categories and news. ######################################################## # # 2) Info Vulnerability : # # This exploit allow attacker to inject php code execution like system($_GET['cmd']); # In file named banners in admin folder : # # 1.
Successfully.
"; # 12. }else{ # 13. ?> # # Look to line 7 fopen MYFILE , $myfile="horad.php" or die can't open file check chmod. # fwrite FH variable and stringdata, So String Data doesn't secure :), can attacker to inject php code execution. # Look to line 4 : $_POST['code'];, attacker will inject in POST from any tool dev, like HTTP LIVE EDITOR, HTTP Live headers. # # ######################################################### # # 3) p0c : # #
#
# Code
# #

#



# # ######################################################### # # Special Thx to : Irist.ir Team & Sec4ever.com Team # ######################################################### # # Greet'z : Am1r, The Injector, Sec4ever, b0x, Paulzz, Virus-Ra3ech, Damane2011 # Hacker-1420, Th3 Killer Dz, OVER-X <3, Stalk3r, The Viper, N4ss1m, B07 M4S73R # Ked-Ans, And All Members Of Irist And Sec4ever Team # #########################################################