Jbrowser _admin/ Authentication Bypass Vulnerability

Vulnerability ID: 1107685
Vulnerability type: Unknown
Published: 2004-01-30
Updated: 2007-03-06
CVE: CVE-2007-1156
CNNVD ID: CNNVD-200703-094
Platform: PHP
CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/23628
https://cxsecurity.com/issue/WLB-2007030068
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-094
|Vulnerability details
Jbrowser allows remote attackers to bypass authentication and access certain administrative functions via a direct request to _admin/.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/9537/info

Due to a lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the web server root directory. There may also be other consequences associated with this vulnerability.

http://www.example.org/_admin/
http://www.example.org/_admin/list_all.php?folder=../
http://www.example.org/_admin/upload.php
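As an added example (not Jbrowser's code and not part of the original advisory), the following hardened PHP admin script shows the two checks whose absence the advisory describes: an authenticated-admin gate that runs before any _admin/ script does anything, and confinement of the folder parameter to a base directory so a value such as ../ is rejected instead of listed. BASE_DIR, the is_admin session flag and the script layout are assumptions.

```php
<?php
// Hypothetical hardened version of an admin script such as _admin/list_all.php.
// Both checks are assumptions about how the fix could look, not Jbrowser's code.
declare(strict_types=1);

const BASE_DIR = '/var/www/jbrowser/files'; // assumed upload/listing root

/** Abort with 403 unless the session carries an authenticated admin flag. */
function requireAdmin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['is_admin'])) {   // assumed flag set at admin login
        header('HTTP/1.1 403 Forbidden');
        exit('Forbidden');
    }
}

/**
 * Resolve a user-supplied folder name to a real path inside BASE_DIR.
 * Returns null when the path does not exist or escapes the base
 * (e.g. folder=../), so the caller never lists it.
 */
function resolveFolder(string $folder): ?string
{
    if (strpos($folder, "\0") !== false) {   // realpath() rejects NUL bytes
        return null;
    }
    $base   = realpath(BASE_DIR);
    $target = realpath(BASE_DIR . '/' . $folder);
    if ($base === false || $target === false) {
        return null;
    }
    // Compare with a trailing separator so /files-old does not match /files.
    if ($target !== $base && strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

requireAdmin();
$dir = resolveFolder($_GET['folder'] ?? '.');
if ($dir === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid folder');
}
foreach (scandir($dir) as $entry) {
    if ($entry !== '.' && $entry !== '..') {
        echo htmlspecialchars($entry, ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```

The same gate belongs in every script under _admin/ (upload.php included); denying the directory at the web server level, with the admin scripts only reachable through an authenticated front controller, is the more robust complement.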
|References

Source: BUGTRAQ
Name: 20070222 JBrowser acces to admin/config files
Link: http://www.securityfocus.com/archive/1/archive/1/460923/100/0/threaded
Source: OSVDB
Name: 33141
Link: http://osvdb.org/33141
Source: MISC
Link: http://forums.avenir-geopolitique.net/viewtopic.php?t=2693
Source: BID
Name: 9537
Link: http://www.securityfocus.com/bid/9537
Source: BUGTRAQ
Name: 20070223 JBrowser Acces to Admin Panel Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/461298/100/100/threaded
Source: SECTRACK
Name: 1008909
Link: http://securitytracker.com/id?1008909
Source: SREASON
Name: 2370
Link: http://securityreason.com/securityalert/2370