CitrusDB CSV File Upload Access Validation Vulnerability

Vulnerability ID: 1108461
Vulnerability type: Access validation error
Published: 2005-02-15
Updated: 2006-05-12
CVE ID: CVE-2005-0409
CNNVD-ID: CNNVD-200502-054
Platform: PHP
CVSS score: 6.4
|Vulnerability Source
https://www.exploit-db.com/exploits/25100
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200502-054
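|Vulnerability Details
CitrusDB is a web-based customer relationship management and billing solution. CitrusDB 0.3.6 and earlier do not verify authorization for (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information (such as the pathname of the temporary file that stores the credit card data), and to go on to exploit other vulnerabilities.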
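The control whose absence is described above, sketched as an added example that is not CitrusDB's own code: an authorization check that runs before the upload is read, with the temporary file path kept on the server. The session keys `user_id` and `role`, the role names and both helper functions are hypothetical; `userfile` is the form field named in the request shown on this page.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical guard, not CitrusDB source code.

/**
 * Authorize from server-side session state only. Client-supplied cookie
 * values (other than the session id itself) are never consulted.
 * The keys 'user_id' and 'role' and the role names are assumptions.
 */
function may_import_cards(array $session, array $roles = ['admin', 'billing']): bool
{
    if (empty($session['user_id']) || empty($session['role'])) {
        return false; // no authenticated login recorded on the server
    }
    return in_array($session['role'], $roles, true);
}

/** Call first in uploadcc.php and importcc.php, before reading $_FILES. */
function require_import_access(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!may_import_cards($_SESSION)) {
        http_response_code(403);
        exit('Forbidden'); // generic body: no paths, no SQL errors
    }
}

// --- hardened upload step (hypothetical stand-in for uploadcc.php) ---
require_import_access();

$upload = $_FILES['userfile'] ?? null;
if (!is_array($upload) || $upload['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit('Upload failed');
}

// Random name in the system temp directory, assumed to lie outside the web root.
$dest = tempnam(sys_get_temp_dir(), 'ccimport_');
if ($dest === false || !move_uploaded_file($upload['tmp_name'], $dest)) {
    http_response_code(500);
    exit('Upload failed');
}

// The import step reads the path from the session, so it is never sent to
// or accepted from the client.
$_SESSION['cc_import_file'] = $dest;
echo 'File received';
```

The import script needs the same call at its top, and CSV fields should reach the database only through parameterized queries, since the advisory lists SQL injection as a possible consequence.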
|Exploit
source: http://www.securityfocus.com/bid/12557/info
 
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import.
 
These issues are reported to affect CitrusDB 0.3.6; earlier versions may also be affected.

curl -D - --cookie "id_hash=2378c7b70e77d9c6737d697a46cbe34b; user_name=testor" \
  http://<target>/citrusdb/tools/uploadcc.php \
  --form userfile=@exploit.csv --form Import=Import
|References

Source: MISC
Link: http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt
Source: FULLDISC
Name: 20050214 Advisory: Upload Authorization bypass in CitrusDB
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html