Linksnet Newsfeed linksnet_linkslog_rss.php dirpath_linksnet_newsfeed Variable Remote File Inclusion

2007-05-14T04:49:04
ID OSVDB:36050
Type osvdb
Reporter OSVDB
Modified 2007-05-14T04:49:04

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[Linksnet_Newsfeed_1_0_path]/linksnet_newsfeed/linksnet_linkslog_rss.php?dirpath_linksnet_newsfeed= shetll.txt?

References:

Secunia Advisory ID:25271 Other Advisory URL: http://milw0rm.com/exploits/3923 ISS X-Force ID: 34297 FrSIRT Advisory: ADV-2007-1826 CVE-2007-2707 Bugtraq ID: 23982