osTicket 多个 本地文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108902 漏洞类型 输入验证
发布时间 2005-06-30 更新时间 2007-03-28
CVE编号 CVE-2005-2154 CNNVD-ID CNNVD-200507-060
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/25926
https://www.securityfocus.com/bid/14127
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-060
|漏洞详情
osTicket是一套开源的Web界面票务管理系统。osTicket1.3.1beta及之前版本中view.php和open.php存在本地文件包含漏洞。远程攻击者可通过inc参数,引用并可能执行任意本地文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/14127/info

osTicket is affected by multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

The following specific issues were identified:

- An SQL-injection vulnerability. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

- A local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

osTicket 1.3.1 beta and prior versions are affected. 

http://www.example.com/osticket/view.php?inc=x
|受影响的产品
osTicket osTicket STS 1.3 beta osTicket osTicket STS 1.2.7 osTicket osTicket STS 1.2 + cPanel cPanel 9.1 .0-R85 + cPanel cPanel 9.1
|参考资料

来源:BID
名称:14127
链接:http://www.securityfocus.com/bid/14127
来源:SECTRACK
名称:1014373
链接:http://securitytracker.com/id?1014373
来源:BUGTRAQ
名称:20050701[SECURITYALERT]osTicketbugs
链接:http://seclists.org/lists/bugtraq/2005/Jul/0009.html