FreeHostShop Website Generator任意文件上传漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109811 漏洞类型 输入验证
发布时间 2006-02-25 更新时间 2006-03-02
CVE编号 CVE-2006-0936 CNNVD-ID CNNVD-200602-418
漏洞平台 PHP CVSS评分 6.5
|漏洞来源
https://www.exploit-db.com/exploits/27312
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-418
|漏洞详情
FreeHostShopWebsiteGenerator3.3可使具有管理权限的远程认证用户借助formname参数(具有包含危险文件扩展名以及%00后缀的文件名)上传并执行任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/16823/info

Website generator is prone to an arbitrary file-upload vulnerability. 

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

http://www.example.com/files/myforms/process3.php?formname=attack.php%00*name[0]=
|参考资料

来源:SECUNIA
名称:19014
链接:http://secunia.com/advisories/19014
来源:MISC
链接:http://nsag.ru/vuln/894.html
来源:BID
名称:16823
链接:http://www.securityfocus.com/bid/16823
来源:BUGTRAQ
名称:20060225NSAGroupSecurityAdvisoryNSAG-¹202-25.02.2006VulnerabilityWEBSITEGENERATOR3.3
链接:http://www.securityfocus.com/archive/1/archive/1/426077/100/0/threaded