Lazarus Guestbook (admin.php) Remote File Include Exploit

2007-03-20 / 2012-03-12
Credit: Crack_man
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-98


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

c_r_ck (at) hotmail (dot) com [email concealed] wrote:
> # Lazarus Guestbook (admin.php) Remote File Include Exploit
> # D.Script: http://www.carbonize.co.uk
> # Dork: "Powered by Lazarus Guestbook from carbonize.co.uk"
> # Discovered by Crack_man
> # Homepage: http://www.b0rizq.biz
> # Greetz To: B0rizq & red_casper & Draknaz kaiba & broken_proxy and all friends
>
> # Exploit:
> # [VicTim]/[path]/admin.php?include_path=shell.txt?cmd
>
> ===========================
>

With the lack of version information in this report it is hard for me to say if the version I downloaded was already a patched version, or if (based on previous history of these types of posts) this is just another bogus report where the reviewer didn't actually look at the code, and just posted based on the fact that there was a variable used in an include (require, include_once, require_once, fopen, etc...) call.

Looking at line 36 of the admin.php script you can see the following:

    if (isset($include_path)) {
        die("Hacking Attempt!");
    }
    $include_path = dirname(__FILE__);

So... either it is patched in the version I am looking at (unlikely) or this is a bogus report (like god knows how many others).

Tom Walsh
Express Web Systems, Inc.
http://www.expresswebsystems.com/
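Added example, not part of the original post or of Lazarus Guestbook's code: a small Python heuristic for the triage step the reply describes, checking whether a variable used in an include/require is guarded or overwritten before use instead of flagging it on sight. The PHP samples are constructed (the guard is the one quoted above; the included file name is hypothetical), and the function name `triage` is an assumption.

```python
import re

# Constructed sample: the guard quoted in the reply, followed by a
# hypothetical include that uses the variable (file name is made up).
GUARDED = '''<?php
if (isset($include_path)) {
    die("Hacking Attempt!");
}
$include_path = dirname(__FILE__);
require_once $include_path . "/lib/config.inc.php";
'''

# Constructed counter-example: the same include with no guard or assignment.
UNGUARDED = '''<?php
require_once $include_path . "/lib/config.inc.php";
'''

# include/require (optionally _once) followed by a variable in the same statement
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b[\s(]*[^;]*?\$(\w+)')
# PHP superglobals that carry request data
REQUEST_RE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')

def triage(src):
    """Return [(line_no, variable, verdict)] for each include that uses a variable."""
    lines = src.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = INCLUDE_RE.search(line)
        if not m:
            continue
        var = re.escape(m.group(1))
        before = "\n".join(lines[:i])
        # Right-hand sides of plain assignments to the variable above the include
        assigns = re.findall(r'\$%s\s*=(?!=)\s*([^;]*);' % var, before)
        # isset($var) followed by die/exit before the next statement ends
        guard = re.search(r'isset\(\s*\$%s\s*\)[^;]*\b(?:die|exit)\b' % var, before)
        if not assigns:
            verdict = "unset before include: injectable if register_globals is on"
        elif REQUEST_RE.search(assigns[-1]):
            verdict = "assigned from request data: needs validation"
        elif guard:
            verdict = "guarded and overwritten: not request-controlled"
        else:
            verdict = "overwritten before include: not request-controlled"
        findings.append((i + 1, m.group(1), verdict))
    return findings
```

This is a line-based heuristic for a first pass; it does not follow control flow, function scope, or files pulled in by other includes.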

References:

http://www.expresswebsystems.com/
http://www.carbonize.co.uk


Copyright 2024, cxsecurity.com

 
