Jax Petitionbook 多个目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112010 漏洞类型 路径遍历
发布时间 2007-01-15 更新时间 2007-01-21
CVE编号 CVE-2007-0335 CNNVD-ID CNNVD-200701-256
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/29468
https://cxsecurity.com/issue/WLB-2007010076
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-256
|漏洞详情
JaxPetitionBook1.0.3.06版本中存在多个目录遍历漏洞。远程攻击者可以借助提交到(1)jax_petitionbook.php或(2)smileys.php的语言包参数中的..,来包含和允许任意的本地文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/22072/info

Jax Petitionbook is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to have local script code execute in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

These issues affect version 1.0.3.06; other versions may also be vulnerable. 

http://www.example.com/jax_petitionbook.php?language=../../example_file.xxx%00?
|参考资料

来源:BID
名称:22072
链接:http://www.securityfocus.com/bid/22072
来源:BUGTRAQ
名称:20070116Re:JaxPetitionBook(languagepack)RemoteFileIncludeVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/457077/100/0/threaded
来源:BUGTRAQ
名称:20070115Re:JaxPetitionBook(languagepack)RemoteFileIncludeVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/456989/100/0/threaded
来源:BUGTRAQ
名称:20070114JaxPetitionBook(languagepack)RemoteFileIncludeVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/456981/100/0/threaded
来源:OSVDB
名称:32836
链接:http://osvdb.org/32836
来源:OSVDB
名称:32835
链接:http://osvdb.org/32835
来源:XF
名称:petitionbook-language-file-include(31543)
链接:http://xforce.iss.net/xforce/xfdb/31543
来源:VUPEN
名称:ADV-2007-0220
链接:http://www.frsirt.com/english/advisories/2007/0220
来源:SREASON
名称:2161
链接:http://securityreason.com/securityalert/2161
来源:SECUNIA
名称:23784
链接:http://secunia.com/advisories/23784