PHPProjekt登录可绕过漏洞

PHPProjekt登录可绕过漏洞

漏洞ID 1106705 漏洞类型 输入验证
发布时间 2002-04-25 更新时间 2005-10-20
图片[1]-PHPProjekt登录可绕过漏洞-安全小百科CVE编号 CVE-2002-1757
图片[2]-PHPProjekt登录可绕过漏洞-安全小百科CNNVD-ID CNNVD-200212-088
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21421
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-088
|漏洞详情
PHPProjekt是一款免费开放源代码PHP组件程序,由PHPProjektDevelopmentTeam开发和维护,可使用在Unix和Linux操作系统下,也可使用在MicrosoftWindows操作系统下。PHPProjekt部分脚本在处理认证上存在漏洞,可导致未认证用户绕过登录检查访问系统。PHPProjekt部分脚本需要用户登录后访问,而部分脚本不需要,系统通过检查当前URL中的$PHP_SELF变量是否包含”sms”来区分。不幸的是,$PHP_SELF包含在请求的PATH_INFO部分中,攻击者可以通过构建特殊的URL来欺骗系统而无需登录。
|漏洞EXP
source: http://www.securityfocus.com/bid/4596/info

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

Some of the PHProjekt scripts are only intended to be accessed by users who have been authenticated. However, it has been reported that it is possible for an unauthenticated attacker to access these scripts via a specially crafted web request.

http://www.somehost.com/phprojekt/mail/mail_send.php/sms

where the extraneous "sms" is included to be passed to the $PHP_SELF variable as part of the PATH_INFO. This causes PHPProjekt to behave as though the attacker accessing the script is logged on to PHPProjekt as a legitimate user.
|参考资料

来源:XF
名称:phprojekt-unauth-script-access(8943)
链接:http://xforce.iss.net/xforce/xfdb/8943
来源:BID
名称:4596
链接:http://www.securityfocus.com/bid/4596
来源:NSFOCUS
名称:2687
链接:http://www.nsfocus.net/vulndb/2687

相关推荐: Netscape Communicator Password Disclosure Weakness

Netscape Communicator Password Disclosure Weakness 漏洞ID 1100780 漏洞类型 Configuration Error 发布时间 2003-02-28 更新时间 2003-02-28 CVE编号 N/A…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享