lookstrike lan_manager sys_conf[path][real] 参数 多个PHP远程文件包含漏洞

漏洞信息详情

lookstrike lan_manager sys_conf[path][real] 参数 多个PHP远程文件包含漏洞

• CNNVD编号：CNNVD-200802-321
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2008-0803
  
• 漏洞类型：
  
  
  代码注入
  
• 发布时间：
  
  2008-02-15
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2008-09-05
  
• 厂        商：
  
  lookstrike
• 漏洞来源：

LookStrike Lan Manager 0.9中的多个PHP远程文件包含漏洞会允许远程攻击者通过sys_conf[path][real] 参数中一个url来执行任意PHP代码。漏洞存在(1) modules＼class＼Table.PHP; (2) db_admins.PHP, (3) db_alert.PHP, (4) db_double.PHP, (5) db_games.PHP, (6) db_matches.PHP, (7) db_match_teams.PHP, (8) db_news.PHP, (9) db_platform.PHP, (10) db_players.PHP, (11) db_server_group.PHP, (12) db_server_ip.PHP, (13) db_teams.PHP, (14) db_team_players.PHP, (15) db_tournaments.PHP, (16) db_tournament_teams.PHP, and (17) db_trees.PHP in modules＼class＼db＼; and (18) Match.PHP, (19) MatchTeam.PHP, (20) Rule.PHP, (21) RuleBuilder.PHP, (22) RulePool.PHP, (23) RuleSingle.PHP, (24) RuleTree.PHP, (25) Tournament.PHP, (26) TournamentTeam.PHP, (27) Tree.PHP, and (28) TreeSingle.PHP in modules＼class＼tournament＼，注意：该漏洞会进一步通过目录遍历序列来包含或执行本地文件。

来源: MILW0RM

名称: 5121

链接:http://www.milw0rm.com/exploits/5121

来源: XF

名称: lookstrikelanmanager-sysconf-file-include(40519)

链接:http://xforce.iss.net/xforce/xfdb/40519