TinyPHPForum Information Disclosure Vulnerability

Vulnerability ID: 1109598    Vulnerability type: Information disclosure
Published: 2006-01-06    Updated: 2006-01-06
CVE: CVE-2006-0103    CNNVD-ID: CNNVD-200601-035
Platform: PHP    CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/27038
https://www.securityfocus.com/bid/88476
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-035
|Vulnerability details
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root without adequate access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/16163/info

TinyPHPForum is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.

These issues are reported to affect version 3.6; earlier versions may also be vulnerable. 

http://www.example.com/tpf/profile.php?action=view&uname=../../username
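The request above works because a profile lookup builds a file path from the "uname" parameter without rejecting traversal sequences. The following is an added illustration, not TinyPHPForum's own code: a hypothetical profile-path function in its vulnerable form next to a hardened form (the users directory path and the ".txt" profile file name are assumptions).

```php
<?php
// Added illustration (not TinyPHPForum's own code): a hypothetical profile
// lookup that derives a file path from the "uname" request parameter.

// Vulnerable pattern: the parameter is concatenated straight into the path,
// so a value such as "../../username" escapes the users/ directory.
function profile_path_unsafe(string $usersDir, string $uname): string
{
    return $usersDir . '/' . $uname . '.txt'; // hypothetical profile file name
}

// Hardened form: accept only an allow-listed character set, then confirm that
// the resolved path still lies inside the users directory.
function profile_path_safe(string $usersDir, string $uname): ?string
{
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $uname)) {
        return null; // rejects "..", "/", "\", NUL and anything else unexpected
    }
    $base = realpath($usersDir);
    $path = realpath($usersDir . '/' . $uname . '.txt');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // file does not exist or resolved outside users/
    }
    return $path;
}

// Constructed demonstration input: the traversal value from the advisory.
$attempt = '../../username';
var_dump(profile_path_unsafe('/var/www/tpf/users', $attempt)); // path escapes users/
var_dump(profile_path_safe('/var/www/tpf/users', $attempt));   // rejected by the allow-list
```

Input validation alone does not address the .hash and .email files described above: per-user data that the web server can serve directly should be kept outside the web root or have direct access to the users/ directory denied in the server configuration.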
|Affected products
Ralph Capper Tinyphpforum 3.6
Ralph Capper Tinyphpforum 3.5
Ralph Capper Tinyphpforum 3.499
Ralph Capper Tinyphpforum 3.49
Ralph Capper Tinyphpforum 3.48
Ralph Capper Tin
|References

Source: BUGTRAQ
Name: 20060417TinyPHPforum-vulns
Link: http://www.securityfocus.com/archive/1/archive/1/431133/100/0/threaded
Source: BUGTRAQ
Name: 20060105[eVuln]TinyPHPForumMultipleVulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/420933/100/0/threaded
Source: OSVDB
Name: 22257
Link: http://www.osvdb.org/22257
Source: VUPEN
Name: ADV-2006-0054
Link: http://www.frsirt.com/english/advisories/2006/0054
Source: SECTRACK
Name: 1015436
Link: http://securitytracker.com/id?1015436
Source: SECUNIA
Name: 18293
Link: http://secunia.com/advisories/18293
Source: MISC
Link: http://evuln.com/vulns/14/summary.html
Source: XF
Name: tinyphpforum-users-information-disclosure(24016)
Link: http://xforce.iss.net/xforce/xfdb/24016
Source: SREASON
Name: 320
Link: http://securityreason.com/securityalert/320