B2 0.6 b2edit.showposts.php b2inc Parameter Remote File Inclusion

ID EDB-ID:21436
Type exploitdb
Reporter Frank
Modified 2002-05-06T00:00:00


B2 0.6 b2edit.showposts.php b2inc Parameter Remote File Inclusion. CVE-2002-0734 . Webapps exploit for php platform

                                            source: http://www.securityfocus.com/bid/4673/info

B2 is a news/weblog tool written in php. b2 allows webmasters to quickly post news on the frontpage, and let viewers interact with each other. It is available primarily for Unix and Linux.

A variable that is referenced in the PHP scripts does not actually exist. Thus, an attacker may be able to define the value of the variable. By creating a PHP script on the remote side and embedding commands in it, the attacker is able to reference the remote file. This could potentially allow the attacker to execute commands on the vulnerable system.