Py-Membres Index.PHP未授权访问漏洞

31次阅读
没有评论

Py-Membres Index.PHP未授权访问漏洞

漏洞ID 1107020 漏洞类型 输入验证
发布时间 2002-10-02 更新时间 2005-10-20
Py-Membres Index.PHP未授权访问漏洞CVE编号 CVE-2002-1884
Py-Membres Index.PHP未授权访问漏洞CNNVD-ID CNNVD-200212-836
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21886
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-836
|漏洞详情
Py-Membres3.1版本index.php存在漏洞。远程攻击者通过设置pymembs参数为”admin”以管理员身份登录。
|漏洞EXP
source: http://www.securityfocus.com/bid/5849/info

A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations.

Reportedly, Py-Membres does not fully check some URI parameters. Thus it is possible for an attacker to manipulate URI parameters and log into the system as an arbitrary user without the need for passwords. 

http://[target]/index.php?pymembs=admin
|参考资料

来源:BID
名称:5849
链接:http://www.securityfocus.com/bid/5849
来源:XF
名称:py-membres-admin-privileges(10308)
链接:http://www.iss.net/security_center/static/10308.php
来源:BUGTRAQ
名称:20021002MultipleWebSecurityHoles
链接:http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html

相关推荐: Progress Database BINPATHX Environment Variable Buffer Overflow Vulnerability

Progress Database BINPATHX Environment Variable Buffer Overflow Vulnerability 漏洞ID 1100494 漏洞类型 Boundary Condition Error 发布时间 2003…

正文完
 0