[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PerlSoft Guestbook v1.7b Bruteforcer + RCE!
- To: <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: PerlSoft Guestbook v1.7b Bruteforcer + RCE!
- From: Perforin <broken-error@xxxxxxxxxxx>
- Date: Thu, 29 Jan 2009 18:18:12 +0100
Typ: Bruter & RCE
Name: PerlSoft GB Pwner
Affected Software: PerlSoft Gästebuch
Version: 1.7b
Coder/Bugfounder: Perforin
------> the RCE is only once possible, do not waste your command!
STEP1: Use my script to bruteforce the admin login from the guestbook.
STEP2: If we gain access, you can decide to get in the ACP with the login OR to
use the RCE!
STEP3: Deface or root the server ;)
------> Infos about the Exploit
Unfortunaly, the RCE is only once possible and only after gaining acces to the
admincenter... so choose your command usefull. (I tried to make a RFI out of it
but the results were shitty because most of the webserver are secured against
including php file from other webservers.)
The RCE is possible due a security hole when you change the Username. The
script doesn´t check the input so we can manipulate the script.=)
-----> The Exploit Code
Get it here:
http://virii.lu/Perl-Scripts/GB_Pwner.txt
-----> Visit & Greetings
Visit my Blog virii.lu and of course vxnet!
Greetings to all vxer out there.
_________________________________________________________________
http://redirect.gimas.net/?n=M0902xWLM2009_DE
Neu: Messenger 2009! Hier kostenlos downloaden!