DoSePa信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111591 漏洞类型 路径遍历
发布时间 2006-11-17 更新时间 2007-08-07
CVE编号 CVE-2006-6028 CNNVD-ID CNNVD-200611-356
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/2795
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-356
|漏洞详情
AntonVlasovDoSePa中的textview.php存在目录遍历漏洞,远程攻击者可以借助..(点点)序列或者在file参数内的绝对文件路径来读取任意文件。
|漏洞EXP
#######################################################################################
# Target:
#
#       DoSePa 1.0.4 (textview.php)
#       http://sourceforge.net/project/showfiles.php?group_id=91686
#
# Vulnerability:
#
#       Information disclosure.
#
# Description:
#
#       The textview.php page in DoSePa does not properly sanitize the $_GET['file']
#       value; this allows an attacker to view any file to which the server has
#       read rights.
#
# Vulnerable Code (truncated):
#
#       $file=$_GET['file'];
#       file_get_contents($file);
#
# Exploit:
#
#       http://dosepa.somesite.com/textview.php?file=/etc/passwd
#
# Discovery:
#
#       Craig Heffner
#       heffnercj [at] gmail.com
#       http://www.craigheffner.com
#######################################################################################

# milw0rm.com [2006-11-17]
|参考资料

来源:XF
名称:dosepa-textview-information-disclosure(30349)
链接:http://xforce.iss.net/xforce/xfdb/30349
来源:BID
名称:21149
链接:http://www.securityfocus.com/bid/21149
来源:MILW0RM
名称:2795
链接:http://www.milw0rm.com/exploits/2795
来源:VUPEN
名称:ADV-2006-4576
链接:http://www.frsirt.com/english/advisories/2006/4576
来源:MISC
链接:http://www.craigheffner.com/security/exploits/dosepa.txt
来源:SECUNIA
名称:22960
链接:http://secunia.com/advisories/22960
来源:MILW0RM
名称:2795
链接:http://milw0rm.com/exploits/2795