Technote 'shop_this_skin_path' Parameter Remote File Include Vulnerability

An attacker can exploit this issue via a browser.

The following example URI is available:

http://www.example.com/skin_shop/standard/2_view_body/body_default.php?GOODS[no]=deadbeef&GOODS[gs_input]=deadbeef&shop_this_skin_path=[RFI]


 

Privacy Statement
Copyright 2010, SecurityFocus