BUGTRAQ ID: 18788

Free Qboard is an advanced open-source guestbook service.

Multiple modules of Free Qboard contain a remote file inclusion vulnerability. A remote attacker may exploit it to execute arbitrary commands on the server.

The vulnerable code is as follows:

----------------------
1- index.php
include $qb_path."incs/mysql.php";
include $qb_path."incs/crypt.php";
----------------------------------
2- about.php
include $qb_path."incs/header.php";
----------------------------------
3- contact.php
include $qb_path."incs/header.php";
----------------------------------
4- delete.php
include $qb_path."incs/mysql.php";
include $qb_path."incs/crypt.php";
----------------------------------
5- faq.php
include $qb_path."incs/header.php";
----------------------------------
6- features.php
include $qb_path."incs/header.php";
----------------------------------
7- history.php
include $qb_path."incs/mysql.php";
include $qb_path."incs/crypt.php";
----------
$qb_path parameter file inclusion in free QBoard 1.1
-----------

The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
http://sourceforge.net/projects/freeqboard/
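
Since no vendor patch is available, the following added example (not Free Qboard's own code) shows the include pattern listed above next to a hardened form. It assumes `$qb_path` can be populated from request input, as the advisory's "$qb_path parameter" wording indicates; `QB_INCS` and `qb_inc()` are hypothetical names, and the demo tree is constructed.

```php
<?php
// Added example, not Free Qboard's code. QB_INCS and qb_inc() are hypothetical names.

// Pattern from the advisory: the path prefix is a plain variable, so anything
// that lets request input populate $qb_path controls what gets included.
//   include $qb_path."incs/header.php";

// Hardened pattern: the include directory is fixed in code, and every include
// goes through a helper that accepts only known file names.
const QB_INCS = ['mysql.php', 'crypt.php', 'header.php']; // names listed in the advisory

function qb_inc(string $root, string $name): string
{
    if (!in_array($name, QB_INCS, true)) {
        throw new InvalidArgumentException("include not allowed: $name");
    }
    // realpath() returns false for missing files and resolves ../ and
    // symlinks, so the prefix comparison below works on canonical paths.
    $base = realpath($root . '/incs');
    $full = realpath($root . '/incs/' . $name);
    if ($base === false || $full === false
        || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("include outside incs/: $name");
    }
    return $full;
}

// Constructed demo tree so the example runs stand-alone.
$root = sys_get_temp_dir() . '/qb_demo_' . getmypid();
mkdir($root . '/incs', 0700, true);
file_put_contents($root . '/incs/header.php', '<?php echo "header loaded\n";');

// In the application this would be: require qb_inc(__DIR__, 'header.php');
require qb_inc($root, 'header.php');

// Names outside the allowlist never reach include/require.
foreach (['../index.php', 'http://example.invalid/x.php'] as $bad) {
    try {
        qb_inc($root, $bad);
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}

unlink($root . '/incs/header.php');
rmdir($root . '/incs');
rmdir($root);
```

Independently of the code change, setting `allow_url_include = Off` in php.ini stops `include` and `require` from fetching URLs.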