Announcement:
World of Warcraft Bots, need some help in choosing the best bot?
World of Warcraft Bots, need some help in choosing the best bot?
News Archives
- We ain't dead (28-05-2008)
- The Blogkeepers (07-05-2008)
- RandomBase IRC (26-04-2008)
- Updates (17-04-2008)
- We're baaaaack (12-04-2008)
- There are 13 users online.
- Most users ever online was 424 on 03/16/08.
- Our poor server had to serve 32 pages in the last 15 minutes.
- And yet he managed to generate this page in 0.007 seconds.
Previous [ 1 - 2 - 3 - 4 - 5 - 6 ] Next
Statistics
Affiliates & friends
RandomBase.com isn't just one website - it is more.
Two RCE exploits
Posted on 2008-02-09 19:38:22 by Iron
I don't do it often, but the vulnerability (Remote Code Execution) has been there for a damn long time and they didn't bother fixing it however it was really obvious. The vulnerable file is a 3rd party file named adodb-perf-module.inc.php, and is a part of ADOdb. The two affected pieces of software are Journalness and Open-Realty. The exploits can be found at milw0rm: Open-Realty and Journalness. Since ADOdb is used in a lot of PHP applications, don't be surprised if others are affected too.
Comments
spider:
nice one ... huhperl or.pl
#
# Open-Realty <= 2.4.3 Remote Code Execution exploit
# By Iron - randombase.com
# Greets to everyone at RootShell Security Group
#
# Example target url: http://www.target.com/openrealtydir/
Target url?www.openrealty.co.za
PHP code to evaluate? ~ s/(<\?php|\?>|<\?)//ig
####################
####################
got it ... lousy fuckin c exec expl