Mini SQL w3-msql vulnerability.


Vulnerability ID 1105515 Vulnerability type Other
Published 1999-08-18 Updated 2005-05-02
CVE ID CVE-1999-0753
CNNVD-ID CNNVD-199908-029
Platform Multiple CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/19466
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199908-029
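|Vulnerability details
The w3-msql CGI provided with Mini SQL contains a vulnerability. A remote attacker can use this vulnerability to browse restricted directories.
|Exploit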
source: http://www.securityfocus.com/bid/591/info

Under certain versions of Mini SQL, the w3-msql CGI script allows users to view directories which are set for private access via .htaccess files. W3-mSQL converts any form data passed to a script into global Lite variables and these variables can then be accessed by your script code.

When an HTML form is defined, a field name is given to each element of the form. When the data is passed to W3-mSQL, the field names are used as the variable names for the global variables. Once a set of variables has been created for each form element, the values being passed to the script are assigned to the variables. This is done automatically during start-up of the W3-mSQL program.

First Approach:
This attack requires the attacker to know the location/directory structure of the site she is attacking.

http://www.victim.org/cgi-bin/w3-msql/protected-directory/private-file

Second Approach:
This approach yields the intruder a DES-encrypted password, which they can then attempt to crack with any number of popular cracking utilities.

http://www.victim.org/cgi-bin/w3-msql/protected-directory/.htpasswd
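
A detection sketch for the two request shapes above, added here as an example and not part of the original advisory: it scans web server access logs for w3-msql requests whose trailing path names a `.ht*` file or a directory the site protects with `.htaccess`. The Apache common log format, the `PROTECTED_DIRS` list and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumption: Apache common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
CGI_PREFIX = "/cgi-bin/w3-msql/"            # script URL as shown in the advisory
PROTECTED_DIRS = ("/protected-directory",)  # assumption: site-specific list

def classify(target):
    """Return why a request target is suspicious, or None if it is not."""
    path = re.sub(r"/{2,}", "/", unquote(urlsplit(target).path))
    if not path.lower().startswith(CGI_PREFIX):
        return None
    # The advisory's URLs name the target file in the path that follows the
    # script name; normalise it so "a/../b" and "%2E" encodings cannot hide it.
    extra = posixpath.normpath("/" + path[len(CGI_PREFIX):])
    if posixpath.basename(extra).lower().startswith(".ht"):
        return "access-control file requested via CGI"
    if any(extra == d or extra.startswith(d + "/") for d in PROTECTED_DIRS):
        return "protected directory requested via CGI"
    return None

def scan(lines):
    """Return (client, target, status, reason) for each suspicious log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        reason = classify(m["target"]) if m else None
        if reason:
            findings.append((m["ip"], m["target"], int(m["status"]), reason))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Aug/1999:10:00:01 +0000] "GET /cgi-bin/w3-msql/shop/index.msql HTTP/1.0" 200 2048',
    '192.0.2.44 - - [18/Aug/1999:10:02:13 +0000] "GET /cgi-bin/w3-msql/protected-directory/private-file HTTP/1.0" 200 512',
    '192.0.2.44 - - [18/Aug/1999:10:02:20 +0000] "GET /cgi-bin/w3-msql/protected-directory/%2Ehtpasswd HTTP/1.0" 200 96',
    '192.0.2.10 - - [18/Aug/1999:10:03:00 +0000] "GET /protected-directory/private-file HTTP/1.0" 401 401',
]

if __name__ == "__main__":
    for client, target, status, reason in scan(SAMPLE_LOG):
        print(f"{client} {status} {target}: {reason}")
```

A 2xx status on a flagged line means the content was actually served through the CGI, while the same file requested directly (last sample line) is refused by the server's own access control.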
|References

Source: BID
Name: 591
Link: http://www.securityfocus.com/bid/591
