Mambo软件的Contacts XTD 'contxtd.class.php'PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1193708 漏洞类型 未知
发布时间 2006-08-26 更新时间 2006-09-18
CVE编号 CVE-2006-4375 CNNVD-ID CNNVD-200608-428
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2006080160
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-428
|漏洞详情
**有争议**Mambo软件的ContactsXTD(ContXTD)组件(com_contxtd)中contxtd.class.php脚本存在PHP远程文件包含漏洞,远程攻击者可借助mosConfig_absolute_path参数中的URL执行任意PHP代码。注:另一研究人员对此问题存在争议,称软件通过对_VALID_MOS是否定义进行检验就可预防该攻击。
|漏洞EXP
On Sun, 2006-08-20 at 01:55 +0000, Outlaw (at) aria-security (dot) net [email concealed] wrote:
> 		########################################################################
###################
> 		#			Aria-Security.net Advisory                                        #
> 		#			Discovered  by: O.U.T.L.A.W                                       #	
> 
> 		#			< www.Aria-security.net >                                      	  #
> 		#		Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                      	  #
> 		#		                                  		    			  #
> 		########################################################################
###################
> 
> 
> #Software: Mambo Components ContXTD
> #Attack method: Remote File Inclusion
> #Source:
> 
> ** ensure this file is being included by a parent file */
> defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
> 
> include_once( $mosConfig_absolute_path .'/includes/vcard.class.php' );

The "defined( '_VALID_MOS' ) or die" you quoted is there to prevent
this. You can't define that constant from POST or GET.
|参考资料

来源:BUGTRAQ
名称:20060821Re:MamboComponent-DisplayMOSBotManagerRemoteFileInclusionVuln
链接:http://www.securityfocus.com/archive/1/archive/1/444063/100/0/threaded
来源:BUGTRAQ
名称:20060820MamboComponent-DisplayMOSBotManagerRemoteFileInclusionVuln
链接:http://www.securityfocus.com/archive/1/archive/1/443892/100/0/threaded
来源:OSVDB
名称:28091
链接:http://www.osvdb.org/28091
来源:SREASON
名称:1451
链接:http://securityreason.com/securityalert/1451