Lucene search

139 matches found

seebug.org
added 2007/12/26 12:0 a.m., 103 views

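Tikiwiki CMS tiki-listmovies.php File Directory Traversal Vulnerability

BUGTRAQ ID: 27008 TikiWiki is a website content management system built on PHP, ADOdb, Smarty and related technologies. TikiWiki's implementation contains an input validation vulnerability that a remote attacker may exploit to gain unauthorized access to part of the contents of arbitrary files on the server. TikiWiki's tiki-listmovies.php script allows a user to obtain the first 1000 bytes of an arbitrary file. The script assigns the value of the movie parameter to $movie, strips the last 4 bytes and appends the .xml extension, then calls fopen($confFile,'r') to open the file and read its first 1000 bytes, and then passes these 1000 bytes on for use as MovieWidth and MovieHeight...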

6.9 AI score
Exploits: 0
Prion
added 2007/05/24 6:30 p.m., 15 views

Design/Logic Flaw

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

10 CVSS, 6.7 AI score, 0.0276 EPSS
Exploits: 1, References: 3, Affected Software: 1
UbuntuCve
added 2007/05/24 6:30 p.m., 18 views

CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

10 CVSS, 6 AI score, 0.0276 EPSS
Exploits: 1, References: 1
NVD
added 2007/05/24 6:30 p.m., 10 views

CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

10 CVSS, 6.5 AI score, 0.0276 EPSS
Exploits: 1, References: 3
CVE
added 2007/05/24 6:0 p.m., 66 views

CVE-2007-0448

CVE-2007-0448 : The PHP 5.2.0 fopen implementation fails to properly handle invalid URI handlers, enabling context-dependent attackers to bypass safe_mode and read arbitrary files via a path specified with an invalid URI (illustrated by the srpath URI). This is documented across multiple sources ...

10 CVSS, 6.4 AI score, 0.0276 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2007/05/24 6:0 p.m., 17 views

CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

6.4 AI score, 0.0276 EPSS
Exploits: 1, References: 3
seebug.org
added 2007/02/01 12:0 a.m., 53 views

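PHP FOpen Safe_Mode Restriction Bypass Vulnerability

PHP is an open-source web programming language. PHP has a safe mode bypass issue: a remote attacker can exploit the vulnerability to write files to other unauthorized locations, creating files and executing them. In PHP 5.2.0, write mode can be used to bypass safemode; the fopen function is described as follows: - -845-845--- Code from PHP520 ext/standard/file.c START stream = phpstreamopenwrapperexfilename, mode, useincludepath ? USEPATH : 0 | ENFORCESAFEMODE | REPORTERRORS, NULL, context; -...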

7.3 AI score
Exploits: 0
securityvulns
added 2007/01/28 12:0 a.m., 82 views

[Full-disclosure] PHP 5.2.0 safe_mode bypass (by Writing Mode)

Source: http://securityreason.com/achievementsecurityalert/44 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.0 safemode bypass by Writing Mode Author: Maksymilian Arciemowicz SecurityReason Date: - - Written: 02.12.2006 - - Public: 24.01.2007 SecurityAlert Id: 44 CVE: CVE-2007-0448...

10 CVSS, 6.3 AI score, 0.0276 EPSS
Exploits: 1
securityvulns
added 2007/01/28 12:0 a.m., 52 views

PHP Safe Mod protection bypass

It's possible to traverse working directory protection by using writing mode srpath://../ file prefix for fopen...

10 CVSS, 3.1 AI score, 0.0276 EPSS
Exploits: 1, References: 1, Affected Software: 1
seebug.org
added 2006/10/29 12:0 a.m., 23 views

phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability

No description provided by source. +------------------------------------------------------------------------------------------- + phpPowerCards 2.10 txt.inc.php Remote Code Execution Vulnerability +------------------------------------------------------------------------------------------- +...

7.1 AI score
Exploits: 0
exploitpack
added 2006/10/18 12:0 a.m., 15 views

PHPPowerCards 2.10 - txt.inc.php Remote Code Execution

PHPPowerCards 2.10 - txt.inc.php Remote Code Execution +------------------------------------------------------------------------------------------- + phpPowerCards 2.10 txt.inc.php Remote Code Execution Vulnerability...

8.1 AI score
Exploits: 0
0day.today
added 2006/09/21 12:0 a.m., 11 views

pNews <= 1.1.0 (nbs) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ====================================================== pNews = 1.1.0 nbs Remote File Include Vulnerability ====================================================== PowerNews v1.1.0 nbs Remote File Inclusion Affected Software .: PowerNews...

7.1 AI score
Exploits: 0
Packet Storm
added 2006/08/17 12:0 a.m., 19 views

sendcard_340_xpl.txt

!/usr/bin/php -q -d shortopentag=on php injection\n"; echo " works against magicquotesgpc=Off\n"; echo " 2 - arbitrary remote inclusion\n"; echo " works against allowurlfopen=On\n"; echo " 3 - arbitrary local inclusion\n"; echo " works regardless of php.ini settings\n"; echo " and if you succeed ...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2006/06/19 12:0 a.m., 21 views

FreeBSD : WebCalendar -- information disclosure vulnerability (09c92f3a-fd49-11da-995c-605724cdf281)

Secunia reports : socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. Input passed to the 'includedir' parameter isn't properly verified, before it is used in an 'fopen' call...

6.4 CVSS, 5.5 AI score, 0.0103 EPSS
Exploits: 0, References: 4
0day.today
added 2006/06/03 12:0 a.m., 91 views

DotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit

Exploit for unknown platform in category web applications ================================================================== DotClear = 1.2.4 prepend.php Arbitrary Remote Inclusion Exploit ================================================================== !/usr/bin/php -q -d shortopentag=on ? ech...

7.1 AI score
Exploits: 0
UbuntuCve
added 2006/06/02 1:2 a.m., 13 views

CVE-2006-2762

PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a userinc setting that is used in an...

6.4 CVSS, 6.3 AI score, 0.0103 EPSS
Exploits: 0, References: 1
Prion
added 2006/06/02 1:2 a.m., 8 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a userinc setting that is used in an...

6.4 CVSS, 7.6 AI score, 0.0103 EPSS
Exploits: 0, References: 10, Affected Software: 1
Exploit DB
added 2006/05/28 12:0 a.m., 29 views

Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion

phpBB 2.x Activity MOD Plus File Inclusion Vulnerability Contacts ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploit works on phpBB 2.x Activity MOD Plus Original advisory can be found at: http://www.nukedx.com/?viewdoc=38 Successful exploitation needs registerglobals on GET ...

7.4 AI score
Exploits: 0
Exploit DB
added 2006/05/23 12:0 a.m., 45 views

Nucleus CMS 3.22 - 'DIR_LIBS' Remote File Inclusion

!/usr/bin/php -q -d shortopentag=on \r\n"; die...

7.4 AI score
Exploits: 0
Packet Storm
added 2006/04/14 12:0 a.m., 26 views

sphider_13_xpl_pl.txt

!/usr/bin/perl use IO::Socket; print "\r\nSphider works with registerglobals = On & allowurlfopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site: http://retrogod.altervista.org\r\n"; print "\r\ndork: "powered by sphider"\r\n"; sub main::urlEncode my $string = @; $string = s/\W/"%"...

7.4 AI score
Exploits: 0