Nmap Development mailing list archives
[NSE] Script to detect PhP Code Execution Vulnerability in HybridAuth
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Thu, 16 Apr 2015 02:50:46 +0530
Hi, HybridAuth versions 2.0.[9-11], 2.1.x, 2.2.[0-2] have a PhP Code execution vulnerability. These versions leave behind install.php that allows one to modify config.php to run PHP commands as seen here : www.exploit-db.com/exploits/34390/ https://github.com/h4ck3rk3y/nmap/blob/master/test_scripts/http-hybridauth.nse Gyanendra -- *Gyanendra Mishra* Computer Science and Engineering Sophmore, BITS Pilani
Attachment:
http-hybridauth.nse
Description:
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Script to detect PhP Code Execution Vulnerability in HybridAuth Gyanendra Mishra (Apr 15)