Rezervi Generic /belegungsplan/monatsuebersicht.inc.php root Variable Remote File Inclusion

2007-04-18T09:53:27
ID OSVDB:35011
Type osvdb
Reporter OSVDB
Modified 2007-04-18T09:53:27

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

/belegungsplan/monatsuebersicht.inc.php?root=Shell

References:

Secunia Advisory ID:24926 Related OSVDB ID: 35006 Related OSVDB ID: 35007 Related OSVDB ID: 35009 Related OSVDB ID: 35012 Related OSVDB ID: 35008 Related OSVDB ID: 35010 Related OSVDB ID: 35013 ISS X-Force ID: 33737 Generic Exploit URL: http://www.milw0rm.com/exploits/3763 FrSIRT Advisory: ADV-2007-1448 CVE-2007-2156 Bugtraq ID: 23550