WebKalk2 engine/engine.inc.php absolute_path Variable Remote File Inclusion

2007-04-12T18:59:57
ID OSVDB:35747
Type osvdb
Reporter OSVDB
Modified 2007-04-12T18:59:57

Description

Manual Testing Notes

/[Path]/engine/engine.inc.php?absolute_path=Shell.txt?

References:

ISS X-Force ID: 33598 Generic Exploit URL: http://www.milw0rm.com/exploits/3717 FrSIRT Advisory: ADV-2007-1385 CVE-2007-2307 Bugtraq ID: 23451