Jemscripts DownloadControl dc.php 无效dcid参数 信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110303 漏洞类型 SQL注入
发布时间 2006-05-19 更新时间 2006-05-24
CVE编号 CVE-2006-2552 CNNVD-ID CNNVD-200605-435
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/27899
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-435
|漏洞详情
JemscriptsDownloadControl1.0可以使远程攻击者借助可在错误讯息中泄漏路径名称的对dc.php的无效dcid参数,获得敏感信息。注意:此问题最初被称为SQL注入,但它可能由functions.php内的另一问题所致。
|漏洞EXP
source: http://www.securityfocus.com/bid/18041/info

DownloadControl is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

DownloadControl 1.0 is reported vulnerable. Other versions may be affected as well.

http://www.example.com/dc.php?dcid=80477172'
|参考资料

来源:BID
名称:18041
链接:http://www.securityfocus.com/bid/18041
来源:BUGTRAQ
名称:20060519JemscriptsDownloadControlv1.0
链接:http://www.securityfocus.com/archive/1/archive/1/434533/100/0/threaded
来源:XF
名称:downloadcontrol-dc-path-disclosure(26576)
链接:http://xforce.iss.net/xforce/xfdb/26576
来源:OSVDB
名称:25716
链接:http://www.osvdb.org/25716
来源:VUPEN
名称:ADV-2006-1928
链接:http://www.frsirt.com/english/advisories/2006/1928
来源:SREASON
名称:943
链接:http://securityreason.com/securityalert/943