SH-News scriptpath参数远程文件包含漏洞

View Post

受影响系统：

SH-News SH-News 3.1

描述：

BUGTRAQ  ID: 20478

SH-News是一款由德国人开发的新闻组系统。

SH-News处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。

SH-News的report.php、archive.php、comments.php、init.php和news.php文件没有正确的验证scriptpath参数的输入数据，允许攻击者通过包含本地或外部资源的任意文件导致任意PHP代码。

<*来源：v1per-haCker

  链接： http://secunia.com/advisories/22316/
*>

建议：

厂商补丁：

SH-News
-------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：

http://www.shnews.de/

posted on 2006-10-15 11:54 testing 阅读(823) 评论(14) 编辑收藏引用所属分类: Security

View Comments

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

I took my first <a href="http://bestfinance-blog.com">loan</a> when I was 20 and that aided my relatives a lot. But, I require the college loan also.

2011-07-09 17:12 | Gay19Lolita

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

We guarantee that student will get good grades if get information about cheap writing services. Therefore, do not waste your time sitting at the library.

2011-07-22 03:08 | write my essays

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

People want to get a good degree, but what is the correct way to get it? We could propose to determine for the thesis service to buy the thesis examples related to this post at. We used that and got the highest level.

2012-01-13 14:26 | dissertation

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

There’re lots of dissertation writing service or thesis writing service but your smart release reffering to this topic. Furthermore, to get know more you would buy the define dissertation.

2012-01-13 14:28 | dissertation service

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

Term papers writing is an essential deal for people. However, they don't treat that very seriously because they can simply buy pre-written papers.

2012-01-13 14:29 | buy research paper online

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

Smart university students do not waste their time! Hence, they simply tell "I need essay writing help ". Lots of people said me that could be worth to do it.

2012-01-13 14:29 | well written essay

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

The availability of selection is requested by customers who are willing to ask someone: " Do My Essay ". Proofreading and writing organizations give high school students those stuff.

2012-01-13 14:30 | Already written essays

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

Stop searching for mates who can help you with essay papers creating. You can just Buy a Essay. You do not need someone else to support you. Let specialists helping you.

2012-01-14 13:52 | Buy a Essay Online

# re: SH-News scriptpath参数远程文件包含漏洞回复 更多评论

We usually want to create reliable relations with our clients and college students choose to ask: " write my essay " from our company.

2012-02-25 03:28 | do my essay

# re: SH-News scriptpath参数远程文件包含漏洞 回复 更多评论

Thank you a lot for the perfect text just about this post! If you are willing to buy custom essay papers and custom essay opt for very good essay writing service. This is the very good way to the success!

2012-03-18 12:26 | custom writing

刷新评论列表

只有注册用户登录后才能发表评论。
【推荐】100%开源！大型工业跨平台软件C++源码提供，建模，组态！

相关文章: Vista安全模块PatchGuard一年内被黑客攻破 SH-News scriptpath参数远程文件包含漏洞小泉参拜靖国神社惹众怒中国黑客狂轰日本网站 Airscanner批评WinMobile安全软件漏洞百出 Airscanner批评WinMobile安全软件漏洞百出 MySQL权限提升及安全限制绕过漏洞 Backdoor.Win32.IRCBot.st 蠕虫公告（安全焦点）网络“隐形” 堵住Windows系统后门“NBT”（转）

网站导航: 博客园 IT新闻 BlogJava 博问 Chat2DB 管理

Testing

公告

常用链接

留言簿

随笔分类

Programming

Security

搜索

最新评论

View Post