Album Photo Sans Nom 'getimg.php'目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111231 漏洞类型 路径遍历
发布时间 2006-10-10 更新时间 2006-10-17
CVE编号 CVE-2006-5320 CNNVD-ID CNNVD-200610-259
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/2507
https://www.securityfocus.com/bid/84593
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-259
|漏洞详情
AlbumPhotoSansNom1.6的getimg.php中存在目录遍历漏洞,远程攻击者可以通过img参数来读取任意文件。
|漏洞EXP
#
# Title..: 7 php scripts File Inclusion Vuln / Source disclosure
# Credits: DarkFig
# Og.link: http://acid-root.new.fr/poc/13061007.txt
#
# Using http://www.google.com/codesearch
# Few examples about what we can do with a code search engine
# For educational purpose only.
#
# You can use regex in your research, this can be chaotic.
# What's your opinion about the google code search project ?
#

# Affected.scr: Album Photo Sans Nom v1.6
# Download....: http://scripts.bezut.info/releases/APSN/albumV1.6.tgz
# Poc.........: http://victim.pl/getimg.php?img=config.inc.php
# Vuln.code...: Line 47, readfile($_GET['img']);

# milw0rm.com [2006-10-10]
|受影响的产品
Morian Album Photo Sans Nom 1.6
|参考资料

来源:MILW0RM
名称:2507
链接:http://www.milw0rm.com/exploits/2507
来源:VUPEN
名称:ADV-2006-4008
链接:http://www.frsirt.com/english/advisories/2006/4008
来源:SECUNIA
名称:22375
链接:http://secunia.com/advisories/22375
来源:MISC
链接:http://acid-root.new.fr/poc/13061007.txt
来源:XF
名称:album-photo-getimg-file-include(29473)
链接:http://xforce.iss.net/xforce/xfdb/29473
来源:BID
名称:20441
链接:http://www.securityfocus.com/bid/20441
来源:OSVDB
名称:29673
链接:http://www.osvdb.org/29673
来源:VIM
名称:20061220ProvablevendorACKforAlbumPhotoSansNomtraversalissue
链接:http://www.attrition.org/pipermail/vim/2006-December/001193.html
来源:MILW0RM
名称:2507
链接:http://milw0rm.com/exploits/2507