Killer Protection Information Disclosure Vulnerability

Vulnerability ID: 1107028
Vulnerability type: Configuration error
Published: 2002-10-07
Updated: 2002-12-31
CVE ID: CVE-2002-2335
CNNVD-ID: CNNVD-200212-210
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/21912
https://www.securityfocus.com/bid/86675
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-210
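|Vulnerability details
Killer Protection 1.0 stores the include file vars.inc under the web root without sufficient access control, allowing a remote attacker to obtain usernames, passwords and logs by using protection.php.
|Exploit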
source: http://www.securityfocus.com/bid/5905/info

The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request.

Exploiting this issue may allow attackers to access sensitive usernames and passwords, which could be used in future attacks.


http://[target]/vars.inc

and

http://[target]/protection.php?mode=display&username=[LOGIN]&password=[PASSWORD]
|Affected products
John Drake Killer Protection 1.0
|References

Source: BID
Name: 5905
Link: http://www.securityfocus.com/bid/5905
Source: XF
Name: killer-protection-vars-password(10315)
Link: http://www.iss.net/security_center/static/10315.php
Source: BUGTRAQ
Name: 20021006 phpSecurePages & KillerProtection (PHP)
Link: http://online.securityfocus.com/archive/1/294208
