Artmedic CMS 'Index.PHP' Local File Inclusion Vulnerability

Vulnerability ID: 1113806 Vulnerability type: Path traversal
Published: 2007-10-16 Updated: 2007-10-31
CVE ID: CVE-2007-5489 CNNVD-ID: CNNVD-200710-349
Platform: PHP CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/4538
https://www.securityfocus.com/bid/26090
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200710-349
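|Vulnerability details
A directory traversal vulnerability exists in index.php in Artmedic CMS 3.4 and earlier. A remote attacker can include and execute arbitrary local files via a .. (dot dot) in the page parameter.
|Exploit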
#######################################
X---- w w w . u N k n 0 w n . e u ----X
#######################################

artmedic CMS Local File Inclusion

::Home:
artmedic-cms.de

::Vuln Type :
 LFI

::Discovered by :
 iNs


PoC:
http://server/cms/index.php?page=[LFI]
http://server/index.php?page=[LFI]

d0rK:
CMS von artmedic webdesign


:: iNs ::

::Gr33tz t0:
uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 -
nexos - sh4m4n - Svarshik - naxx - phew - Z
DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy
ActiveSpy.org - ActiveSpy - steve10120 - lord - polifemo - craw -
Xplorer_eX - antik
idscript2003
PitBull Crew - The_PitBull - MaxDeMon - SancheZ - RedBull - ResellerZ
- r0x00k - c0ol
milw0rm.com - str0ke
darkc0de.com - d3hydr8

# milw0rm.com [2007-10-16]
|Affected products
artmedic webdesign Artmedic CMS 3.5
|References

Source: BID
Name: 26090
Link: http://www.securityfocus.com/bid/26090
Source: MILW0RM
Name: 4538
Link: http://www.milw0rm.com/exploits/4538
Source: XF
Name: artmedic-index-file-include(37240)
Link: http://xforce.iss.net/xforce/xfdb/37240
Source: SECUNIA
Name: 27269
Link: http://secunia.com/advisories/27269