IRIS Citations Management Tool (post auth) Remote Command Execution

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : IRIS Citations Management Tool (post auth) Remote Command Execution
# Published : 2013-02-11
# Author :
# Previous Title : CubeCart 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability
# Next Title : Netgear SPH200D Multiple Vulnerabilities

Here is a bug that I finally found time to write about :-)

https://infosecabsurdity.wordpress.com/2013/02/09/iris-citations-management-tool-post-auth-remote-command-execution/

The attached contains my mini framework, exploit and screenshot.

Cheers!

~ aeon

# I Read It Somewhere (IRIS) <= v1.3 (post auth) Remote Command Execution
# download: http://ireaditsomewhere.googlecode.com 
# Notes: 
# - Found this in my archive, duno how long this has been 0Day for... but I had no use for it obviously.
# - Yes! ..the code is disgusting, but does the job
# - Sorry if I ripped your code, it worked for me and I dont reinvent wheels so thank you!
# ~ aeon (https://infosecabsurdity.wordpress.com/)
#
# Exploit requirements:
# ~~~~~~~~~~~~~~~~~~~~~
#
# - A valid account as at least a user
# - The target to have outgoing internet connectivity

Exploit: http://www.exploit-db.com/sploits/24480.tar.gz