CVE-2006-1767
CVSS7.5
发布时间 :2006-04-13 06:02:00
修订时间 :2008-09-05 17:02:47
NMCO    

[原文]Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.


[CNNVD]INDEXU 多个远程文件包含漏洞 (CNNVD-200604-218)

        nicecoder.com INDEXU 5.0.0和5.0.1中存在多个PHP远程文件包含漏洞。这使得远程攻击者可以借助于(1) index.php、(2) become_editor.php、 (3) add.php、(4) bad_link.php、(5) browse.php、 (6) detail.php、 (7) fav.php、 (8) get_rated.php、(9) login.php、(10) mailing_list.php、 (11) new.php、(12) modify.php、 (13) pick.php、(14) power_search.php、(15) rating.php、 (16) register.php、(17) review.php、 (18) rss.php、(19) search.php、(20) send_pwd.php、(21) sendmail.php、 (22) tell_friend.php、(23) top_rated.php、(24) user_detail.php和(25) user_search.php中的 theme_path参数以及(26)invoice.php中的base_path参数执行任意PHP代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:nicecoder:indexu:5.0.1
cpe:/a:nicecoder:indexu:5.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1767
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1767
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-218
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/17470
(UNKNOWN)  BID  17470
http://www.securityfocus.com/archive/1/archive/1/430599/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060411 INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit
http://securitytracker.com/id?1015891
(UNKNOWN)  SECTRACK  1015891
http://www.osvdb.org/28427
(UNKNOWN)  OSVDB  28427
http://www.osvdb.org/28426
(UNKNOWN)  OSVDB  28426
http://www.osvdb.org/28425
(UNKNOWN)  OSVDB  28425
http://www.osvdb.org/28422
(UNKNOWN)  OSVDB  28422
http://www.osvdb.org/28419
(UNKNOWN)  OSVDB  28419
http://www.osvdb.org/28417
(UNKNOWN)  OSVDB  28417
http://www.osvdb.org/28416
(UNKNOWN)  OSVDB  28416
http://www.osvdb.org/28415
(UNKNOWN)  OSVDB  28415
http://www.osvdb.org/28413
(UNKNOWN)  OSVDB  28413
http://www.osvdb.org/28412
(UNKNOWN)  OSVDB  28412
http://www.osvdb.org/28410
(UNKNOWN)  OSVDB  28410
http://www.osvdb.org/28409
(UNKNOWN)  OSVDB  28409
http://www.osvdb.org/28406
(UNKNOWN)  OSVDB  28406
http://www.osvdb.org/24597
(UNKNOWN)  OSVDB  24597
http://www.osvdb.org/24596
(UNKNOWN)  OSVDB  24596
http://securitytracker.com/id?1016331
(UNKNOWN)  SECTRACK  1016331
http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt
(UNKNOWN)  MISC  http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt

- 漏洞信息

INDEXU 多个远程文件包含漏洞
高危 输入验证
2006-04-13 00:00:00 2006-04-13 00:00:00
远程  
        nicecoder.com INDEXU 5.0.0和5.0.1中存在多个PHP远程文件包含漏洞。这使得远程攻击者可以借助于(1) index.php、(2) become_editor.php、 (3) add.php、(4) bad_link.php、(5) browse.php、 (6) detail.php、 (7) fav.php、 (8) get_rated.php、(9) login.php、(10) mailing_list.php、 (11) new.php、(12) modify.php、 (13) pick.php、(14) power_search.php、(15) rating.php、 (16) register.php、(17) review.php、 (18) rss.php、(19) search.php、(20) send_pwd.php、(21) sendmail.php、 (22) tell_friend.php、(23) top_rated.php、(24) user_detail.php和(25) user_search.php中的 theme_path参数以及(26)invoice.php中的base_path参数执行任意PHP代码。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.nicecoder.com/idx_main.php
        

- 漏洞信息

24596
Indexu index.php theme_path Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index.php script not properly sanitizing user input supplied to the 'theme_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

- 时间线

2006-04-11 Unknow
2006-04-11 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站