PHP Generator of Object SQL Database (PGOSD)的misc/function.php3存在PHP远程文件包含漏洞,在启用register_globals的情况下,远程攻击者可借助path参数中的URL执行任意PHP代码。
来源: XF
名称: pgosd-function-file-include(29696)
链接:http://xforce.iss.net/xforce/xfdb/29696
来源: BID
名称: 20677
链接:http://www.securityfocus.com/bid/20677
来源: BID
名称: 20668
链接:http://www.securityfocus.com/bid/20668
来源: BUGTRAQ
名称: 20061022 PHP Generator of Object SQL Database (path) Remote File Include Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/449475/100/0/threaded
来源: MILW0RM
名称: 2612
链接:http://www.milw0rm.com/exploits/2612
来源: VIM
名称: 20061026 Source VERIFY: PHP Generator of Object SQL Database RFI
链接:http://www.attrition.org/pipermail/vim/2006-October/001097.html
来源: SREASON
名称: 1783
链接:http://securityreason.com/securityalert/1783
来源: MILW0RM
名称: 2612
链接:http://milw0rm.com/exploits/2612
暂无
