Cromosoft Simple Plantilla PHP (SPP) list_main_pages.php 绝对路径遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112281 漏洞类型 路径遍历
发布时间 2007-02-22 更新时间 2007-03-05
CVE编号 CVE-2007-1138 CNNVD-ID CNNVD-200703-040
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/29634
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-040
|漏洞详情
CromosoftSimplePlantillaPHP(SPP)的list_main_pages.php中存在绝对路径遍历漏洞。远程攻击者可以借助nfolder参数中的一个绝对路径名,列出任意的目录和读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/22669/info

Simple Plantilla PHP is prone to multiple input-validation issues, including a local file-include vulnerability and an arbitrary file-upload vulnerability.

Attackers can exploit the local file-include vulnerability using directory-traversal strings to execute local script code in the context of the application. Attackers can exploit the arbitrary file-upload to execute malicious PHP code in the context of the webserver process.

Exploiting these issues may allow attackers to compromise the application and the underlying system or to access sensitive information; other attacks are also possible. 

http://www.example.com/zadminxx/list_main_pages.php?nfolder=/etc/
|参考资料

来源:BID
名称:22669
链接:http://www.securityfocus.com/bid/22669
来源:BUGTRAQ
名称:20070222PlantillaPHPSimple
链接:http://www.securityfocus.com/archive/1/archive/1/460913/100/0/threaded
来源:SREASON
名称:2332
链接:http://securityreason.com/securityalert/2332
来源:OSVDB
名称:33138
链接:http://osvdb.org/33138