Original Photo Gallery inc/config.inc.php x[1] Variable Remote File Inclusion

2007-05-10T08:03:23
ID OSVDB:35974
Type osvdb
Reporter OSVDB
Modified 2007-05-10T08:03:23

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

/[Path]/inc/config.inc.php?x[1]=Shell

References:

Secunia Advisory ID:25213 Other Advisory URL: http://milw0rm.com/exploits/3894 ISS X-Force ID: 34234 FrSIRT Advisory: ADV-2007-1767 CVE-2007-2620 Bugtraq ID: 23913