Snoopy任意命令执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109169 漏洞类型 输入验证
发布时间 2005-10-26 更新时间 2008-09-10
CVE编号 CVE-2005-3330 CNNVD-ID CNNVD-200510-220
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/26424
https://www.securityfocus.com/bid/15213
https://cxsecurity.com/issue/WLB-2005100063
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-220
|漏洞详情
Snoopy是一个模拟Web浏览器的PHP类,它可自动完成检索网页内容和张贴表单等任务。Snoopy对URL的处理存在漏洞,远程攻击者可能利用此漏洞在主机上执行任意命令。在使用SnoopyAPI调用请求SSL保护的网页时,会调用_httpsrequest函数,而该函数会将URL用作参数。然后该函数会未经检查用户输入便调用PHP函数exec。如果使用了特制URL的话,攻击者就可以提供任意命令,并在WebServer上执行这些命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/15213/info

Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

This issue may facilitate unauthorized remote access to the application in the context of the webserver. 


https://www.%22;+echo+'hello'+%3E+test.txt

Passing this URI to a script that uses a vulnerable version of Snoopy will result in a file called 'test.txt' containing 'hello'.
|受影响的产品
Snoopy Snoopy 1.2 Snoopy Snoopy 1.0 1 Snoopy Snoopy 0.94 Snoopy Snoopy 0.93 Snoopy Snoopy 0.92 Snoopy Snoopy 0.91
|参考资料

来源:svn.ampache.org
链接:https://svn.ampache.org/branches/3.3.1/docs/CHANGELOG
来源:XF
名称:snoopy-httpsrequest-command-injection(22874)
链接:http://xforce.iss.net/xforce/xfdb/22874
来源:BID
名称:15213
链接:http://www.securityfocus.com/bid/15213
来源:OSVDB
名称:20316
链接:http://www.osvdb.org/20316
来源:VUPEN
名称:ADV-2005-2727
链接:http://www.frsirt.com/english/advisories/2005/2727
来源:VUPEN
名称:ADV-2005-2335
链接:http://www.frsirt.com/english/advisories/2005/2335
来源:VUPEN
名称:ADV-2005-2202
链接:http://www.frsirt.com/english/advisories/2005/2202
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=375385
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=368750
来源:SECTRACK
名称:1015104
链接:http://securitytracker.com/id?1015104
来源:SECUNIA
名称:17887
链接:http://secunia.com/advisories/17887
来源:SECUNIA
名称:17779
链接:http://secunia.com/advisories/17779
来源:SECUNIA
名称:17455
链接:http://secunia.com/advisories/17455
来源:SECUNIA
名称:17330
链接:http://secunia.com/advisories/17330
来源:BUGTRAQ