NewsScript Access Validation Vulnerability

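Vulnerability ID: 1108511 | Vulnerability type: Permissions, privileges, and access controls
Published: 2005-03-08 | Updated: 2009-04-03
CVE ID: CVE-2005-0735 | CNNVD-ID: CNNVD-200505-755
Platform: CGI | CVSS score: 10.0
|Vulnerability source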
https://www.exploit-db.com/exploits/25201
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-755
|Vulnerability details
newsscript.pl in NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/12761/info

NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages.

It is reported that an attacker can exploit this issue by issuing a specially crafted HTTP GET request for the 'newsscript.pl' script to bypass access checks and carry out administrative tasks. 

www.example.com/newsscript.pl?mode=admin
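
To check whether this request pattern has reached a server, the access logs can be searched for it. The script below is an added example, not part of the original advisory or of NewsScript; it assumes Apache-style "combined" access logs, and the function name, the `trusted_ips` parameter and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Leading fields of an Apache/Nginx "combined" access-log entry (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def admin_mode_requests(lines, script="newsscript.pl", trusted_ips=frozenset()):
    """Return (ip, target, status) for each request to `script` whose query
    string sets mode=admin and whose source address is not in trusted_ips."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        url = urlsplit(m.group("target"))
        # Compare only the last path segment so any install directory matches.
        if unquote(url.path).rsplit("/", 1)[-1].lower() != script:
            continue
        # parse_qs decodes the query string and keeps every repeated value,
        # so all "mode" values are inspected wherever they appear.
        params = parse_qs(url.query, keep_blank_values=True)
        modes = [v.strip().lower()
                 for key, values in params.items() if key.lower() == "mode"
                 for v in values]
        if "admin" in modes and m.group("ip") not in trusted_ips:
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample entries (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [08/Mar/2005:10:00:01 +0000] "GET /cgi-bin/newsscript.pl?mode=admin HTTP/1.0" 200 5120 "-" "-"',
    '198.51.100.4 - - [08/Mar/2005:10:00:05 +0000] "GET /cgi-bin/newsscript.pl?id=3 HTTP/1.0" 200 2048 "-" "-"',
    '203.0.113.9 - - [08/Mar/2005:10:01:12 +0000] "GET /cgi-bin/newsscript.pl?id=3&mode=admin HTTP/1.0" 200 5120 "-" "-"',
    '192.0.2.10 - - [08/Mar/2005:10:02:30 +0000] "GET /cgi-bin/newsscript.pl?mode=admin HTTP/1.0" 200 5120 "-" "-"',
    '198.51.100.4 - - [08/Mar/2005:10:03:00 +0000] "GET /index.html?mode=admin HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    # 192.0.2.10 stands in for a known administrator workstation (assumption).
    for ip, target, status in admin_mode_requests(SAMPLE, trusted_ips={"192.0.2.10"}):
        print(f"{ip} requested {target} -> HTTP {status}")
```

A 200 response to a flagged request from an unexpected address is the case to investigate first, since the advisory describes the request as bypassing the access check.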
|References

Source: BID
Name: 12761
Link: http://www.securityfocus.com/bid/12761