Jetbox CMS 'Search_function.PHP'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110897 漏洞类型 输入验证
发布时间 2006-08-26 更新时间 2006-09-04
CVE编号 CVE-2006-4422 CNNVD-ID CNNVD-200608-459
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/28431
https://www.securityfocus.com/bid/19722
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-459
|漏洞详情
**有争议**JetboxCMS2.1中的includes/phpdig/libs/search_function.php存在PHP远程文件包含漏洞,远程攻击者可以借助relative_script_path参数中的URL执行任意PHP代码,此向量不同于CVE-2006-2270。注:此问题存在争议,截至2006年8月30日,CVE分析结果仍存在争议。而且,此漏洞实际上很可能存在于第三方模块,phpDig1.8.8。
|漏洞EXP
source: http://www.securityfocus.com/bid/19722/info

Jetbox CMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Jetbox CMS version 2.1 is reported vulnerable; other versions may also be affected.

This issue is undergoing further investigation to determine the validity of the vulnerability. This BID will be updated as more information becomes available.

http://www.example.com/path/includes/phpdig/libs/search_function.php?relative_script_path=[Evil Code]
|受影响的产品
Jetbox Jetbox CMS 2.1
|参考资料

来源:XF
名称:jetboxcms-search-file-include(28588)
链接:http://xforce.iss.net/xforce/xfdb/28588
来源:BID
名称:19722
链接:http://www.securityfocus.com/bid/19722
来源:BUGTRAQ
名称:20060831AW:AW:JetBoxcms(search_function.php)RemoteFileInclude
链接:http://www.securityfocus.com/archive/1/archive/1/444826/100/0/threaded
来源:BUGTRAQ
名称:20060830Re:JetBoxcms(search_function.php)RemoteFileInclude
链接:http://www.securityfocus.com/archive/1/archive/1/444822/100/0/threaded
来源:BUGTRAQ
名称:20060829Re:AW:JetBoxcms(search_function.php)RemoteFileInclude
链接:http://www.securityfocus.com/archive/1/archive/1/444740/100/0/threaded
来源:BUGTRAQ
名称:20060828JetBoxcms(search_function.php)RemoteFileInclude
链接:http://www.securityfocus.com/archive/1/archive/1/444527/100/0/threaded
来源:BUGTRAQ
名称:20060825JetboxCMSsearch_function.phpRemoteFile
链接:http://www.securityfocus.com/archive/1/archive/1/444422/100/0/threaded
来源:BUGTRAQ
名称:20060829AW:JetBoxcms(search_function.php)RemoteFileInclude
链接:http://www.securityfocus.com/archive/1/444640/100/