phpFidoNode phfito SRC_PATH远程文件包含漏洞

phpFidoNode phfito是一款基于PHP的WEB应用程序。 phpFidoNode phfito不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'phfito-post'脚本对用户提交的'SRCPATH'参数缺少过滤，指定远程服务器上的任意文件作为包含对象，可导致以WEB权限执行任意PHP代码。 phpFidoNode phpfito 1.3 目前没有解决方案提供： http://sourceforge.net/projects/phpfidonode/...

CVE-2007-5157

CVE-2007-5157 concerns a PHP remote file inclusion vulnerability in the PHP Fidonet Tosser (PhFiTo) 1.3.0 running with phFidoNode. The flaw lies in phfito-post.php, where an attacker can supply a URL in the SRC_PATH parameter to phfito-post and cause arbitrary PHP code execution on the affected s...

phfito-rfi.txt

?????????? ??????????????? ??????????????????? ??????????????????????? ?????????????????????????? ?????????????????????????????? ????????????????????????????????? ??????????????????????????????????? ????????????????????????????????????? ???????????????????????????????????????...

PhFiTo 1.3.0 - SRC_PATH Remote File Inclusion

PhFiTo 1.3.0 - SRCPATH Remote File Inclusion ?????????? ??????????????? ??????????????????? ??????????????????????? ?????????????????????????? ?????????????????????????????? ????????????????????????????????? ??????????????????????????????????? ?????????????????????????????????????...

PhFiTo 1.3.0 - 'SRC_PATH' Remote File Inclusion

?????????? ??????????????? ??????????????????? ??????????????????????? ?????????????????????????? ?????????????????????????????? ????????????????????????????????? ??????????????????????????????????? ????????????????????????????????????? ???????????????????????????????????????...

PhFiTo 1.3.0 (SRC_PATH) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications =========================================================== PhFiTo 1.3.0 SRCPATH Remote File Inclusion Vulnerability =========================================================== ?????????? ??????????????? ???????????????????...