DMXReady Registration Manager 'assetmanager.asp'任意文件上传漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117807 漏洞类型 其他
发布时间 2009-05-20 更新时间 2009-06-29
CVE编号 CVE-2009-2238 CNNVD-ID CNNVD-200906-435
漏洞平台 ASP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/8749
https://cxsecurity.com/issue/WLB-2009060071
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-435
|漏洞详情
DMXReadyRegistrationManager1.1版本的includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp中存在无限制文件上传漏洞。远程攻击者通过上传一个具有可执行扩展名的文件并通过向assets/webblogmanager的文件提交一个直接的请求来对其进行访问,执行任意代码。
|漏洞EXP
######################### Securitylab.ir ########################
# Application Info:
# Name: DMXReady Registration Manager
# Version: 1.1
# Website: http://www.dmxready.com
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Arbitrary File Upload Vulnerability
# Risk: High
# Dork: "inc_webblogmanager.asp"
#===========================================================
# http://site.com/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp
# select file and uploaded
# view file : http://site.com/assets/webblogmanager/shell.aspx
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

# milw0rm.com [2009-05-20]
|参考资料

来源:XF
名称:rm-assetmanager-file-upload(50651)
链接:http://xforce.iss.net/xforce/xfdb/50651
来源:BID
名称:35039
链接:http://www.securityfocus.com/bid/35039
来源:BUGTRAQ
名称:20090520DMXReadyRegistrationManagerArbitraryFileUploadVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/503648/100/0/threaded
来源:MILW0RM
名称:8749
链接:http://www.milw0rm.com/exploits/8749