Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[NSE] Script to detect PhP Code Execution Vulnerability in HybridAuth

From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Thu, 16 Apr 2015 02:50:46 +0530
Hi,

HybridAuth versions 2.0.[9-11], 2.1.x, 2.2.[0-2] have a PhP Code execution
vulnerability. These versions leave behind install.php that allows one to
modify config.php to run PHP commands as seen here :
www.exploit-db.com/exploits/34390/

https://github.com/h4ck3rk3y/nmap/blob/master/test_scripts/http-hybridauth.nse

Gyanendra


-- 
*Gyanendra Mishra*
Computer Science and Engineering Sophmore, BITS Pilani

Attachment: http-hybridauth.nse
Description: 

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: