CGX inc/logingecon.php pathCGX Variable Remote File Inclusion

2007-05-08T09:33:24
ID OSVDB:35883
Type osvdb
Reporter OSVDB
Modified 2007-05-08T09:33:24

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

/[Path]/inc/logingecon.php?pathCGX=Shell

References:

Secunia Advisory ID:25214 Related OSVDB ID: 35886 Related OSVDB ID: 35882 Related OSVDB ID: 35881 Related OSVDB ID: 35880 Related OSVDB ID: 35884 Related OSVDB ID: 35885 Generic Exploit URL: http://milw0rm.com/exploits/3874 FrSIRT Advisory: ADV-2007-1734 CVE-2007-2611 Bugtraq ID: 23880