Bits Video Script 任意文件上传漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1118921 漏洞类型 输入验证
发布时间 2010-01-18 更新时间 2010-01-18
CVE编号 CVE-2010-0366 CNNVD-ID CNNVD-201001-231
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/34120
https://www.securityfocus.com/bid/40712
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201001-231
|漏洞详情
BitScriptsBitsVideoScript2.04和2.05GoldBeta版本中的register.php和addvideo.php存在多个自由文件上载漏洞。程攻击者可以借助对未明目录中文件的一个直接请求,用一个执行扩展名上载文件并执行任意代码,并访问该文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/40712/info
 
Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input.
 
An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
 
Bits Video Script 2.04 and 2.05 Gold Beta are vulnerable; other versions may also be affected. 

http://www.example.com/Video/register.php
|受影响的产品
BitScripts Bits Video Script 2.05 Gold Beta BitScripts Bits Video Script 2.04
|参考资料

来源:XF
名称:bitsvideo-addvideo-file-upload(55738)
链接:http://xforce.iss.net/xforce/xfdb/55738
来源:MISC
链接:http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt
来源:SECUNIA
名称:38252
链接:http://secunia.com/advisories/38252
来源:OSVDB
名称:61826
链接:http://osvdb.org/61826