Campsite 多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112887 漏洞类型 输入验证
发布时间 2007-05-08 更新时间 2007-05-08
CVE编号 CVE-2006-5911 CNNVD-ID CNNVD-200611-260
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/30005
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-260
|漏洞详情
CampwareCampsite存在多个PHP远程文件包含漏洞,远程攻击者通过传给在implementation/management/classes内的(1)Alias.php,(2)Article.php,(3)ArticleAttachment.php,(4)ArticleComment.php,(5)ArticleData.php,(6)ArticleImage.php,(7)ArticleIndex.php,(8)ArticlePublish.php,(9)ArticleTopic.php,(10)ArticleType.php,(11)ArticleTypeField.php,(12)Attachment.php,(13)Country.php,(14)DatabaseObject.php,(15)Event.php,(16)IPAccess.php,(17)Image.php,(18)Issue.php,(19)IssuePublish.php,(20)Language.php,(21)Log.php,(22)LoginAttempts.php,(23)Publication.php,(24)Section.php,(25)ShortURL.php,(26)Subscription.php,(27)SubscriptionDefaultTime.php,(28)SubscriptionSection.php,(29)SystemPref.php,(30)Template.php,(31)TimeUnit.php,(32)Topic.php,(33)UrlType.php,(34)User.php和(35)UserType.php;在implementation/management/内的(36)configuration.php和(37)db_connect.php;和在implementation/management/priv/localizer/内的(38)LocalizerConfig.php和(39)LocalizerLanguage.php的g_documentRoot参数内的URL执行任意PHP代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/23874/info
                                    
Campsite is prone to multiple remote file-include vulnerabilities.
                                    
Exploiting this issue allows remote attackers to execute code in the context of the webserver.
                                    
This issue affects Campsite 2.6.1. Earlier versions may also be affected.

http://www.example.com/priv/localizer/LocalizerConfig.php?g_DocumentRoot=shell.txt?
|参考资料

来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=459574&group_id=66936
来源:code.campware.org
链接:http://code.campware.org/projects/campsite/changeset/6058
来源:code.campware.org
链接:http://code.campware.org/projects/campsite/changeset/6057
来源:code.campware.org
链接:http://code.campware.org/projects/campsite/ticket/2349
来源:code.campware.org
链接:http://code.campware.org/projects/campsite/query?milestone=2.6.2
来源:BID
名称:23874
链接:http://www.securityfocus.com/bid/23874
来源:OSVDB
名称:34225
链接:http://www.osvdb.org/34225
来源:OSVDB
名称:34224
链接:http://www.osvdb.org/34224
来源:OSVDB
名称:34223
链接:http://www.osvdb.org/34223
来源:OSVDB
名称:34222
链接:http://www.osvdb.org/34222
来源:OSVDB
名称:34221
链接:http://www.osvdb.org/34221
来源:OSVDB
名称:34220
链接:http://www.osvdb.org/34220
来源:OSVDB
名称:34219
链接:http://www.osvdb.org/34219
来源:OSVDB
名称:34218
链接:http://www.osvdb.org/34218
来源:OSVDB
名称:34217
链接:http://www.osvdb.org/34217
来源:OSVDB
名称:34216
链接:http://www.osvdb.org/34216
来源:OSVDB
名称:34215
链接:http://w