Vendor: PHP RapidKill Pro
By: DigitALL
CVSS: 7.5 (HIGH)
Type: Shell Upload
CWE: 434
Product Name: PHP RapidKill Pro
Affected Version From: 5.x
Affected Version To: 5.x
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

PHP RapidKill Pro 5.x Shell Upload Vulnerability

A vulnerability exists in PHP RapidKill Pro 5.x which allows an attacker to upload a malicious shell file (r57 or DigitALL Shell) to the vulnerable server. The attacker can then access the shell by clicking on the 'FİLES' option and renaming the file to xx.php. After clicking the 'Go To Shell' option, the attacker can gain access to the vulnerable server.

Mitigation:

Ensure that the web server is configured to only allow the upload of legitimate files and that all uploaded files are scanned for malicious content.
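
The mitigation applied to the rename step described above, as an added example that is not code from PHP RapidKill Pro or from the original advisory: a hypothetical `safe_rename_target()` guard a file manager could call before renaming a stored file. The function name, the extension allowlist and the base directory are assumptions.

```php
<?php
// Added example: hypothetical rename guard for a download manager's file browser.
// ALLOWED_EXTENSIONS and safe_rename_target() are assumptions, not project code.

const ALLOWED_EXTENSIONS = ['zip', 'rar', '7z', 'iso', 'avi', 'mkv', 'mp3', 'mp4', 'pdf', 'txt'];

/**
 * Return the target path for a rename, or null if the request must be refused.
 */
function safe_rename_target(string $baseDir, string $newName): ?string
{
    // Reject path separators, NUL bytes and control characters outright.
    if ($newName === '' || preg_match('/[\/\\\\\x00-\x1f]/', $newName)) {
        return null;
    }
    // Some filesystems strip trailing dots and spaces ("xx.php." becomes "xx.php").
    if ($newName !== rtrim($newName, ". ")) {
        return null;
    }
    // Dot-files such as .htaccess can change how the directory is served.
    if ($newName[0] === '.') {
        return null;
    }
    // Every dot-separated segment after the base name must be allowlisted, so
    // "xx.php.txt" and "xx.PHP" are refused along with "xx.php". This is
    // deliberately strict: names with extra dots have to be renamed without them.
    $parts = explode('.', strtolower($newName));
    array_shift($parts);
    if ($parts === []) {
        return null; // no extension at all
    }
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return null;
        }
    }
    return rtrim($baseDir, '/') . '/' . $newName;
}

// Constructed sample rename requests; only movie.mkv is allowed.
$samples = ['movie.mkv', 'xx.php', 'xx.PHP', 'xx.php.txt', 'xx.php.', '../xx.txt', '.htaccess'];
foreach ($samples as $name) {
    $verdict = safe_rename_target('/var/www/files', $name) === null ? 'refused' : 'allowed';
    printf("%-12s %s\n", $name, $verdict);
}
```

Serving the download directory with script execution disabled covers the case where a file still slips past a check like this.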

Exploit-DB raw data:

# Exploit Title: PHP RapidKill Pro 5.x Shell Upload Vulnerability

# Date: 16.04.2010

# Author: DigitALL

# Software Link:

# Code :

g00gle d0rk: "PHP RapidKill Pro"

3xpl0it: Link to Download: http://site.com/shell.txt [r57 or DigitALL Shell]

And Click To "FİLES" And Action Rename xx.php

Then Click The Go To Shell

Greetz To: Efe KroNicKq NoFearx38 and All 1923Turk.Com Members

[ www.digitallsecurity.org ] [ www.1923turk.com ] [ www.digit4ll.blogspot.com ] [ www.kankardes.com ] [ www.hacker-zone.org ]