Dolphin "eval()" PHP Code Execution Vulnerability
Secunia Advisory SA46457
Release Date 2011-10-19
URL http://secunia.com/advisories/46457/
Exploit URL : http://www.exploit-db.com/exploits/17994/
Description: A vulnerability has been discovered in Dolphin, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the "bubbles" parameter to member_menu_queries.php (when "action" is set to "get_bubbles_values") is not properly sanitised before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code.
The vulnerability is confirmed in version 7.0.7. Other versions may also be affected.
----
Hi everyone, so, this is just a quick post to show dolphin 7.0.7 exploit. This is how you test it :
1) Download the application from http://www.4shared.com/file/HTsuoYry/Dolphin-v707.html
2) Install it
3) Download the exploit
4) Run the exploit in the format : php dolphin707.php 172.16.1.70 /dolphin/ user pass
Remember to change the ip to match yours.
5) You got your shell
This is what looks like
root@bt:~/exploits# php dolphin707.php 172.16.1.70 /dolphin/ admin hacktest
+------------------------------------------------------------+
| Dolphin <= 7.0.7 Remote PHP Code Injection Exploit by EgiX |
+------------------------------------------------------------+
dolphin-shell# id
uid=48(apache) gid=48(apache) groups=48(apache)
Thanks for whatching.
----
Hi everyone, so, this is just a quick post to show dolphin 7.0.7 exploit. This is how you test it :
1) Download the application from http://www.4shared.com/file/HTsuoYry/Dolphin-v707.html
2) Install it
3) Download the exploit
4) Run the exploit in the format : php dolphin707.php 172.16.1.70 /dolphin/ user pass
Remember to change the ip to match yours.
5) You got your shell
This is what looks like
root@bt:~/exploits# php dolphin707.php 172.16.1.70 /dolphin/ admin hacktest
+------------------------------------------------------------+
| Dolphin <= 7.0.7 Remote PHP Code Injection Exploit by EgiX |
+------------------------------------------------------------+
dolphin-shell# id
uid=48(apache) gid=48(apache) groups=48(apache)
Thanks for whatching.
Hello Everyone !
ReplyDeleteUSA SSN Leads/Fullz available, along with Driving License/ID Number with good connectivity.
All SSN's are Tested & Verified.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
*Price for SSN lead $2
*You can ask for sample before any deal
*If you buy in bulk, will give you discount
*Sampling is just for serious buyers
->Hope for the long term business
->You can buy for your specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040