1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MySpace Breadcrumb Remote File Incl CVE-2007-5721

HTTP MySpace Breadcrumb Remote File Incl CVE-2007-5721

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote file include vulnerability in MySpace Resource Script Breadcrumb.PHP

Additional Information

MySpace Resource Script (MSRS) is a content manager to create content for MySpace.

The application is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input to the 'rootBase' parameter of the '_theme/breadcrumb.php' script.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects MSRS 1.21; other versions may also be vulnerable.

Affected

  • MySpacePros MySpace Resource Script (MSRS) 1.21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube