Researcher break into Trojan Application Backdoor.Win32.VB.oyu

The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the vOlk-Botnet framework application v4.0 private edition.

vOlk-Botnet v4.0 is a remote administration tool, its main function is to manage the HOSTS file of the windows operating systems The code created by [byvOlk] PHP and Visual Basic 6.0.

Vulnerability Details:
1.1
The vulnerability laboratory research team discovered multiple sql injection vulnerabilities in the vOlk-Botnet framework application v4.0 private edition.
The sql vulnerabilities allow remote attackers to inject/execute own sql commands/statements on the affected vOlks botnet application control panel dbms.

The vulnerabilities are located in the Messenger, Filezilla, Estadisticas files with the bound vulnerable ?pag listing parameter. The vulnerability can
be exploited by remote attackers without required user inter action. Successful exploitation of the vulnerabilities result in botnet control panel
compromise via remote sql injection attack.

Vulnerable Files(s):
Messenger.php
Filezilla.php
Estadisticas.php

Vulnerable Parameter(s):
pag

1.2
The vulnerability laboratory research team discovered multiple persistent web vulnerabilities in the vOlk-Botnet framework application v4.0 private edition.
The input validation vulnerabilities allow remote attackers to inject own malicious persistent script code on application side of the botnet framework.
The vulnerabilities are located in the Visit Webpage (Open URL), MSN Stealer, Download File and Setting modules with the bound vulnerable domin,
Pasw, https or messenger bot s name parameters. The vulnerability can be exploited by remote attacker with low or medium required user inter action.
Successful exploitation of the vulnerabilities result in botnet control panel compromise via session hijacking, persistent web context manipulation or
combined csrf request manipulation.

Vulnerable Module(s):
MSN Stealer
Visit Webpage (Open URL)
Download File
Setting

Vulnerable Parameter(s):
Name – Bot s Name
URL – Open URL Bots
URL – Download url
Password Administrator & User Administrator

Dork CodeSearch: vOlk-Botnet 4.0
“ or “[vOlk-Botnet]v 4.0 Login“
DorK Google: allinurl:vOlk-Botnet 4.0 or subtitle:[byvOlk] – WebAdmin Panel ® vOlk-Botnet 4.0 and allinurl:WebAdmin/archivos/imagen/logo.jpg Continue Reading Researcher break into Trojan Application Backdoor.Win32.VB.oyu

Next Security flaw in Facebook exposes user phone numbers »

Previous « How to create Custom URL in blogger

Researcher break into Trojan Application Backdoor.Win32.VB.oyu

Related

StumbleUpon vulnerable to Reflected Cross site scripting

100% security tips for making your wordpress Site inpenetrable for hackers

Samsung Android hole also leaves SIM cards vulnerable

What’s the best antivirus for gamers in IOS?

Spring Vs. Spring Boot: A Comparison of These Java Frameworks

How to Apply For KNUST 2021/2022 Fully Funded Scholarship Program

Researcher break into Trojan Application Backdoor.Win32.VB.oyu

Related

StumbleUpon vulnerable to Reflected Cross site scripting

100% security tips for making your wordpress Site inpenetrable for hackers

Samsung Android hole also leaves SIM cards vulnerable

What’s the best antivirus for gamers in IOS?

Spring Vs. Spring Boot: A Comparison of These Java Frameworks

How to Apply For KNUST 2021/2022 Fully Funded Scholarship Program

Related Post