
164 matches found

seebug.org
added 2006/10/29 12:0 a.m., 17 views

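PHPWIND2.02 & PHPWIND3.31ce Privilege Escalation Vulnerability

The main cause arises in Job.php, but the way the operation behaves has misled many people to a large extent; even I, when testing the vulnerability, thought it was caused by the $Proicon variable in Profile.php. In fact this variable really does have a problem, and it can directly lead to some malicious events. But there are two sides to the exploitation: one is combining strings in PHP, which forms the vulnerability we are discussing, and the other forms an arbitrary file deletion vulnerability... First we need to look at how the vulnerability forms: in $proicon in profile.php, the variable is submitted directly without any processing, and the variables in the system have gone through PHP's GPC escaping. Once it reaches MySQL, there is an XSS risk. This is the most important...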

7.1 AI score
Exploits 0
Tenable Nessus
added 2005/01/10 12:0 a.m., 31 views

PHPWind Board faq.php skin Parameter Remote File Inclusion

The remote host is running PHPWind Board, a web-based bulletin board. There is a flaw in older versions of this software in the file 'faq.php' that could allow an attacker to gain a shell on this host. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc');...

5.6 AI score
Exploits 0, References 1
securityvulns
added 2005/01/09 12:0 a.m., 22 views

[UNIX] PHPWind Skin Vulnerability (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7.2 AI score
Exploits 0
Tenable Nessus
added 2004/08/18 12:0 a.m., 9 views

PHPWind Board < 2.0.2 faq.php Remote File Inclusion (deprecated)

Binary data 2513.prm...

7.3 AI score
Exploits 0