Scry Gallery index.php 目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110113 漏洞类型 路径遍历
发布时间 2006-04-21 更新时间 2006-04-26
CVE编号 CVE-2006-1995 CNNVD-ID CNNVD-200604-484
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/27724
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-484
|漏洞详情
ScryGallery1.1中的index.php存在目录遍历漏洞。这使得远程攻击者可以借助于参数p(该参数中包含..)序列读取任意文件。由于artrim函数调用中的参数顺序错误,p参数没有进行正确地安全处理。
|漏洞EXP
source: http://www.securityfocus.com/bid/17649/info

Scry Gallery is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

http://www.example.com/scry/index.php?v=list&i=0&p=../../..
|参考资料

来源:BID
名称:17649
链接:http://www.securityfocus.com/bid/17649
来源:BUGTRAQ
名称:20060421ScryGalleryDirectoryTraversal&FullPathDisclosureVulnerabilites
链接:http://www.securityfocus.com/archive/1/archive/1/431716/100/0/threaded
来源:MISC
链接:http://downloads.securityfocus.com/vulnerabilities/exploits/17649-directory-traversal.exploit
来源:XF
名称:scry-gallery-index-directory-traversal(25991)
链接:http://xforce.iss.net/xforce/xfdb/25991
来源:BID
名称:17668
链接:http://www.securityfocus.com/bid/17668
来源:OSVDB
名称:24889
链接:http://www.osvdb.org/24889
来源:VUPEN
名称:ADV-2006-1490
链接:http://www.frsirt.com/english/advisories/2006/1490
来源:SREASON
名称:784
链接:http://securityreason.com/securityalert/784
来源:SECUNIA
名称:19777
链接:http://secunia.com/advisories/19777
来源:VIM
名称:20060425InterestingScrystuff
链接:http://attrition.org/pipermail/vim/2006-April/000716.html