Magus Perde Clever Copy Connect.INC Information Disclosure Vulnerability

Vulnerability ID: 1110046
Vulnerability type: Access validation error
Published: 2006-04-11
Updated: 2006-04-12
CVE ID: CVE-2006-1718
CNNVD-ID: CNNVD-200604-166
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/27621
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-166
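|Vulnerability details
Magus Perde Clever Copy 3.0 and earlier versions store sensitive information under the web root with insufficient access control. This allows remote attackers to view the database username and password via a direct request for connect.inc.
|Exploit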
source: http://www.securityfocus.com/bid/17461/info

Clever Copy is prone to an information-disclosure vulnerability. A remote attacker could leverage this issue to gain access to sensitive configuration information. The attacker could then use this information to launch further attacks against the system.

Clever Copy 3.0 is affected; other versions may also be vulnerable.

http://www.example.com/[clevercopy_path]/admin/connect.inc
|References

Source: BID
Name: 17461
Link: http://www.securityfocus.com/bid/17461
Source: BUGTRAQ
Name: 20060407 [ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure
Link: http://www.securityfocus.com/archive/1/archive/1/430369/100/0/threaded
Source: VUPEN
Name: ADV-2006-1316
Link: http://www.frsirt.com/english/advisories/2006/1316
Source: SECUNIA
Name: 19579
Link: http://secunia.com/advisories/19579
Source: MISC
Link: http://advisories.echo.or.id/adv/adv28-K-159-2006.txt
Source: XF
Name: clevercopy-connect-disclose-information(25720)
Link: http://xforce.iss.net/xforce/xfdb/25720