发布时间 :2003-07-02 00:00:00
修订时间 :2016-10-17 22:33:19

[原文] in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site.

[CNNVD]BLNews 远程文件包含漏洞(CNNVD-200307-010)

        BLNews 2.1.3版本包含的'admin/'脚本对用户提交的请求缺少充分过滤,远程攻击者可以利用这个漏洞以WEB进程权限在系统上执行任意命令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20030524 PHP source code injection in BLNews
(UNKNOWN)  BID  7677

- 漏洞信息

BLNews 远程文件包含漏洞
高危 输入验证
2003-07-02 00:00:00 2012-12-07 00:00:00
        BLNews 2.1.3版本包含的'admin/'脚本对用户提交的请求缺少充分过滤,远程攻击者可以利用这个漏洞以WEB进程权限在系统上执行任意命令。

- 公告与补丁

        * 在if ($itheme!="blubb")代码前增加如下一行:

- 漏洞信息 (22641)

BLNews 2.1.3 Remote File Include Vulnerability (EDBID:22641)
php webapps
2003-05-24 Verified
0 Over_G
N/A [点击下载]

It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrection initilization of some PHP headers within the application. As a result, an attacker may be capable of executing arbitrary PHP commands within the context of the web server.

This vulnerability is said to affect BLNews version 2.1.3-beta, however other versions may also be affected. 		

- 漏洞信息

BLNews Server[path] Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

BLNews contains a flaw that may allow a malicious user to manipulate PHP in order to include a local or remote file. The issue exists because BLNews fails to properly initialize server side variables. It is possible that the flaw may allow an attacker to trick PHP subsystem into including remote PHP scripts controled by the attacker that could be used to execute arbitrary commands on the server, resulting in a loss of integrity.

- 时间线

2003-05-24 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: At the top of '' make sure you have: include("");

- 相关参考

- 漏洞作者