cPanel登录脚本远程命令执行漏洞

cPanel登录脚本远程命令执行漏洞

漏洞ID 1107787 漏洞类型 输入验证
发布时间 2004-03-12 更新时间 2005-10-20
图片[1]-cPanel登录脚本远程命令执行漏洞-安全小百科CVE编号 CVE-2004-1770
图片[2]-cPanel登录脚本远程命令执行漏洞-安全小百科CNNVD-ID CNNVD-200403-052
漏洞平台 CGI CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/23807
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-052
|漏洞详情
cPanel&WebHostManager(WHM)是WEB主机控制管理系统。cPanel在处理用户提交给登录脚本的数据时缺少充分过滤,远程攻击者可以利用这个漏洞以root用户权限在系统上执行任意命令。问题存在于登录脚本对用户提交’user’参数数据缺少充分过滤,可导致提交包含元字符的SHELL命令,可以root用户权限执行任意命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/9855/info

A potential remote command execution vulnerability has been discovered in the cPanel application. This issue occurs due to insufficient sanitization of externally supplied data to the login script. An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable.

http://www.example.com.com:2082/login/?user=|"`id`"|
|参考资料

来源:US-CERTVulnerabilityNote:VU#831534
名称:VU#831534
链接:http://www.kb.cert.org/vuls/id/831534
来源:XF
名称:cpanel-login-execute-commands(15486)
链接:http://xforce.iss.net/xforce/xfdb/15486
来源:BID
名称:9855
链接:http://www.securityfocus.com/bid/9855
来源:SECUNIA
名称:11124
链接:http://secunia.com/advisories/11124
来源:BUGTRAQ
名称:20040312Cpanel9.1.0haveaproblem?
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107911581732035&w;=2

相关推荐: Macromedia Flash 6.0.47.0 – SWRemote Heap Corruption

Macromedia Flash 6.0.47.0 – SWRemote Heap Corruption 漏洞ID 1053640 漏洞类型 发布时间 2002-11-18 更新时间 2002-11-18 CVE编号 N/A CNNVD-ID N/A 漏洞平台…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享