GForge远程任意命令执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108807 漏洞类型 输入验证
发布时间 2005-05-24 更新时间 2006-05-22
CVE编号 CVE-2005-1752 CNNVD-ID CNNVD-200512-670
漏洞平台 PHP CVSS评分 6.4
|漏洞来源
https://www.exploit-db.com/exploits/25693
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-670
|漏洞详情
Gforge的4.0之前版本中的scm组件的viewFile.php使得远程攻击者可以通过file_name参数中shell元字符来执行任意命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/13716/info

GForge is affected by a remote command execution vulnerability.

This issue arises because the application fails to sanitize user-supplied data passed through URI parameters.

An attacker can supply arbitrary shell commands through the affected parameter to be executed in the context of the affected server.

GForge versions prior to 4.0 are vulnerable to this issue. 

GET /scm/viewFile.php?group_id=11&file_name=%0Auname%20-a;id;w%0a
|参考资料

来源:BID
名称:13716
链接:http://www.securityfocus.com/bid/13716
来源:SECUNIA
名称:13845
链接:http://secunia.com/advisories/13845
来源:BUGTRAQ
名称:20050524Gforge-viewFile.phpsecurityflaw
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=111695779919830&w=2