PHPQuickGallery gallery_top.inc.php textFile Variable Remote File Inclusion

2006-11-19T06:34:53
ID OSVDB:30501
Type osvdb
Reporter OSVDB
Modified 2006-11-19T06:34:53

Description

Manual Testing Notes

http://[target]/phpquickgallery/gallery_top.inc.php?textFile=Attacker

References:

Security Tracker: 1017256 Secunia Advisory ID:22989 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0373.html ISS X-Force ID: 30391 Generic Exploit URL: http://www.milw0rm.com/exploits/2814 FrSIRT Advisory: ADV-2006-4597 CVE-2006-6044