PHPGroupware Login SQL Command Execution Vulnerability

Vulnerability ID: 1106663
Vulnerability type: Unknown
Published: 2002-04-03
Updated: 2005-05-02
CVE ID: CVE-2002-0536
CNNVD-ID: CNNVD-200207-030
Platform: Linux
CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/21365
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200207-030
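|Vulnerability Details
PHPGroupware is a free, open source groupware system, developed and maintained by the PHPGroupware project and implemented in PHP. PHPGroupware does not correctly handle user input in the login field, which allows a remote attacker to execute arbitrary SQL commands on the server. The problem is that the login field does not sufficiently check user input: an attacker can embed SQL commands in this field and, by using the special character ('), have SQL commands passed through the login field and executed on the system. In addition, this issue may allow an attacker to use the existing database to carry out attacks.
|Vulnerability EXP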
source: http://www.securityfocus.com/bid/4424/info

PHPGroupWare is a freely available, open source groupware system written in PHP. It is distributed and maintained by the PHPGroupWare project.

Debian packages of PHPGroupWare ship with an insecure default configuration. The PHP magic_quotes_gpc directive of the PHPGroupWare apache.conf file is disabled by default in Debian packages. This may enable remote attackers to make SQL injection attacks via PHPGroupWare.

Under normal circumstances, PHPGroupWare installs with the PHP magic_quotes_gpc directive enabled, to restrict the possibility of SQL injection attacks.

Additionally, this issue may also enable an attacker to exploit vulnerabilities that may exist in the underlying database. 

fubar'; CREATE TABLE thistableshouldnotexist (a int); --
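
The login-field injection described above, as an added example that is not part of the original advisory or of PHPGroupWare's code: the page's test string is passed through a concatenated query and through a bound-parameter query. The `accounts` schema and the function names are assumptions, and SQLite's `executescript()` stands in for a database driver that accepts stacked statements.

```python
import sqlite3

# Test string quoted on this page.
PAYLOAD = "fubar'; CREATE TABLE thistableshouldnotexist (a int); --"


def new_db():
    # Constructed sample data; this schema is an assumption for the example,
    # not PHPGroupWare's real account table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (login TEXT PRIMARY KEY, pw TEXT)")
    db.execute("INSERT INTO accounts VALUES ('alice', 'x')")
    return db


def table_names(db):
    rows = db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return sorted(r[0] for r in rows)


def lookup_concat(db, login):
    # Vulnerable pattern: the login value becomes part of the SQL text, so a
    # quote character ends the string literal and the rest is parsed as SQL.
    # executescript() stands in for a driver that runs stacked statements.
    db.executescript("SELECT pw FROM accounts WHERE login = '" + login + "';")


def lookup_bound(db, login):
    # Hardened pattern: the value is bound as data and is never parsed as SQL,
    # independent of any magic_quotes_gpc setting.
    cur = db.execute("SELECT pw FROM accounts WHERE login = ?", (login,))
    return cur.fetchone()


def demo():
    vulnerable = new_db()
    lookup_concat(vulnerable, PAYLOAD)
    hardened = new_db()
    row = lookup_bound(hardened, PAYLOAD)
    return table_names(vulnerable), table_names(hardened), row


if __name__ == "__main__":
    concat_tables, bound_tables, bound_row = demo()
    print("concatenated query, tables afterwards:", concat_tables)
    print("bound parameter, tables afterwards:  ", bound_tables)
    print("bound parameter, row returned:       ", bound_row)
```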
|References

Source: BID
Name: 4424
Link: http://www.securityfocus.com/bid/4424
Source: XF
Name: phpgroupware-sql-injection(8755)
Link: http://www.iss.net/security_center/static/8755.php
Source: BUGTRAQ
Name: 20020403 SQL injection in PHPGroupware
Link: http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html
Source: OSVDB
Name: 5153
Link: http://www.osvdb.org/5153
Source: BUGTRAQ
Name: 20020411 Re: SQL injection in PHPGroupware
Link: http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html