
phpwind 7.5 apps/groups/index.php remote file inclusion vulnerability

SEBUG-ID:15220
SEBUG-Appdir:PHPWind
Published:2010-01-10
Vulnerable:
phpwind 7.5
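Description:
In apps/groups/index.php the $route and $basePath variables are not initialized, which allows remote or local inclusion of PHP files and therefore execution of arbitrary PHP code.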

<?php
// Neither $route nor $basePath is assigned before this point in the file.
if ($route == "groups") {
    require_once $basePath . '/action/m_groups.php';
} elseif ($route == "group") {
    require_once $basePath . '/action/m_group.php';
} elseif ($route == "galbum") {
    require_once $basePath . '/action/m_galbum.php';
}
<*References
author: 80vul
team:http://www.80vul.com
http://www.80vul.com/pwvul/phpwind.txt
*>
SEBUG Solution:
Already 'patched' at the same time as this patch:
http://www.phpwind.net/read-htm-tid-914851.html

<?php
// Exit unless readover() is already defined, i.e. this file was included
// by code that defines it rather than requested directly.
!function_exists('readover') && exit('Forbidden');
if ($route == "groups") {
    require_once $basePath . '/action/m_groups.php';
} elseif ($route == "group") {
    require_once $basePath . '/action/m_group.php';
} elseif ($route == "galbum") {
    require_once $basePath . '/action/m_galbum.php';
}
?>
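
A hardened form of the router above, added here as an example (not phpwind's code and not its patch): the base directory is passed in by the caller, who would use __DIR__, and the file name comes from a fixed allow-list, so neither $route nor $basePath can steer require_once. The names resolve_action and ROUTE_ACTIONS and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not phpwind code: resolve the action file from an allow-list
// and a caller-supplied base directory, so no request value reaches require.

// Route names and file names are the three from the advisory's snippet.
const ROUTE_ACTIONS = [
    'groups' => 'm_groups.php',
    'group'  => 'm_group.php',
    'galbum' => 'm_galbum.php',
];

// Returns the absolute path of the action file for $route, or null to refuse.
// In index.php the caller would pass __DIR__ as $baseDir.
function resolve_action($route, string $baseDir): ?string
{
    // Arrays and unknown names are rejected before any path is built.
    if (!is_string($route) || !array_key_exists($route, ROUTE_ACTIONS)) {
        return null;
    }
    $actionDir = realpath($baseDir . '/action');
    if ($actionDir === false) {
        return null;
    }
    // realpath() follows symlinks; the target must still be inside action/.
    $path = realpath($actionDir . '/' . ROUTE_ACTIONS[$route]);
    $prefix = $actionDir . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Demo on a constructed directory tree (stand-in for apps/groups/).
$base = sys_get_temp_dir() . '/groups_demo_' . getmypid();
mkdir($base . '/action', 0700, true);
foreach (ROUTE_ACTIONS as $file) {
    file_put_contents("$base/action/$file", "<?php return '$file';\n");
}
// Constructed inputs: two valid routes, an unknown name, a path-like string, an array.
foreach (['groups', 'galbum', 'admin', '../x', ['groups']] as $route) {
    $path = resolve_action($route, $base);
    $label = is_string($route) ? $route : 'array';
    echo str_pad($label, 10), $path === null ? 'refused' : 'require ' . basename($path), "\n";
}
// Remove the demo tree.
array_map('unlink', glob("$base/action/*.php"));
rmdir("$base/action");
rmdir($base);
```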
// sebug.net [2010-01-10]