Py-Membres Index.PHP Unauthorized Access Vulnerability


Vulnerability ID: 1107020
Vulnerability type: Input validation
Published: 2002-10-02
Updated: 2005-10-20
CVE ID: CVE-2002-1884
CNNVD-ID: CNNVD-200212-836
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/21886
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-836
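|Vulnerability details
index.php in Py-Membres 3.1 contains a vulnerability. A remote attacker can log in as administrator by setting the pymembs parameter to "admin".
|Exploit (EXP)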
source: http://www.securityfocus.com/bid/5849/info

A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations.

Reportedly, Py-Membres does not fully check some URI parameters. Thus it is possible for an attacker to manipulate URI parameters and log into the system as an arbitrary user without the need for passwords. 

http://[target]/index.php?pymembs=admin
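
A defender's check for the request pattern described above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests that pass `pymembs` in the query string of index.php, including percent-encoded forms. The common/combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request field of a common/combined-format access-log line (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def pymembs_values(target):
    """Return every value supplied for a 'pymembs' query parameter on index.php."""
    path, _, query = target.partition("?")
    path = unquote(path).lower()
    # Assumption: a directory request ("/membres/") may be served by index.php.
    if not (path.endswith("/index.php") or path.endswith("/")):
        return []
    # parse_qsl percent-decodes names and values, so %70ymembs=%61dmin is caught.
    pairs = parse_qsl(query, keep_blank_values=True)
    return [value for name, value in pairs if name == "pymembs"]

def scan(lines):
    """Return (client_ip, target, values) for each log line that sets pymembs."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        values = pymembs_values(match.group("target"))
        if values:
            findings.append((line.split(" ", 1)[0], match.group("target"), values))
    return findings

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Oct/2002:10:00:01 +0000] "GET /index.php HTTP/1.0" 200 5120',
    '198.51.100.7 - - [02/Oct/2002:10:00:05 +0000] "GET /index.php?pymembs=admin HTTP/1.0" 200 7301',
    '198.51.100.7 - - [02/Oct/2002:10:00:09 +0000] "GET /membres/?%70ymembs=%61dmin HTTP/1.0" 200 7301',
    '203.0.113.4 - - [02/Oct/2002:10:01:00 +0000] "GET /search.php?q=pymembs HTTP/1.0" 200 812',
]

if __name__ == "__main__":
    for ip, target, values in scan(SAMPLE_LOG):
        print(f"{ip} set pymembs={values} via {target}")
```

Any hit deserves review, since the report says the parameter alone selects the logged-in user; the check sees only what the access log records, which is normally the request line and not cookies or POST bodies.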
|References

Source: BID
Name: 5849
Link: http://www.securityfocus.com/bid/5849
Source: XF
Name: py-membres-admin-privileges(10308)
Link: http://www.iss.net/security_center/static/10308.php
Source: BUGTRAQ
Name: 20021002 Multiple Web Security Holes
Link: http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
