MiniBB 'news.php'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110643 漏洞类型 输入验证
发布时间 2006-07-20 更新时间 2006-08-03
CVE编号 CVE-2006-3955 CNNVD-ID CNNVD-200608-020
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/28251
https://cxsecurity.com/issue/WLB-2006080024
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-020
|漏洞详情
MiniBB(全称MinimalisticBulletinBoard)是一套免费、开源的互联网论坛软件。该软件支持多种论坛样式、多界面语言、多时区、插件扩展等。MiniBB处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上执行任意命令。MiniBB的news.php脚本没能对absolute_path变量做充分的检查过滤,攻击者可以使脚本包含远程服务器上的PHP代码执行。
|漏洞EXP
source: http://www.securityfocus.com/bid/19095/info

MiniBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and access the underlying system.

MiniBB version 1.5a is affected; earlier versions may also be vulnerable.

http://www.example.com/[target]/news.php?absolute_path=[shellcode]?
|参考资料

来源:XF
名称:minibb-multiple-scripts-file-include(27905)
链接:http://xforce.iss.net/xforce/xfdb/27905
来源:BID
名称:19095
链接:http://www.securityfocus.com/bid/19095
来源:BUGTRAQ
名称:20060720MiniBBForum<=1.5aRemoteFileInclude(news.php)
链接:http://www.securityfocus.com/archive/1/archive/1/440875/100/100/threaded
来源:BUGTRAQ
名称:20060721MiniBBForum<=1.5aRemoteFileInclude(search.php-whosOnline.php)
链接:http://www.securityfocus.com/archive/1/archive/1/440839/100/100/threaded
来源:SECTRACK
名称:1016558
链接:http://securitytracker.com/id?1016558
来源:SECTRACK
名称:1016557
链接:http://securitytracker.com/id?1016557
来源:OSVDB
名称:28676
链接:http://www.osvdb.org/28676
来源:OSVDB
名称:28675
链接:http://www.osvdb.org/28675
来源:OSVDB
名称:28674
链接:http://www.osvdb.org/28674
来源:SREASON
名称:1315
链接:http://securityreason.com/securityalert/1315