GenesisTrader 'form.php'敏感信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111770 漏洞类型 输入验证
发布时间 2006-12-14 更新时间 2006-12-15
CVE编号 CVE-2006-6569 CNNVD-ID CNNVD-200612-347
漏洞平台 PHP CVSS评分 7.8
|漏洞来源
https://www.exploit-db.com/exploits/29282
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-347
|漏洞详情
GenesisTrader1.0中的form.php存在敏感信息泄露漏洞。远程攻击者可以通过带有"modfich"floap参数的(1)do和(2)chem参数来取任意文件的源代码并获取敏感信息。
|漏洞EXP
source: http://www.securityfocus.com/bid/21595/info

GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple information-disclosure vulnerabilities, an arbitrary file-upload vulnerability, and multiple cross-site scripting vulnerabilities.

An attacker can exploit these issues to upload and execute malicious PHP code in the context of the webserver process, to view sensitive information, and to steal cookie-based authentication credentials. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible. Exploiting these issues may aid the attacker in further attacks.

Version 1.0 is vulnerable to these issues; other versions may also be affected.

http://www.example.com/form.php?floap=modfich&do=[FILE]
http://www.example.com/form.php?floap=modfich&chem=[FILE]
|参考资料

来源:BUGTRAQ
名称:20061214GenesisTraderv1.0-MultipleVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/454385/100/0/threaded
来源:XF
名称:genesis-form-source-disclosure(30888)
链接:http://xforce.iss.net/xforce/xfdb/30888
来源:BID
名称:21595
链接:http://www.securityfocus.com/bid/21595
来源:SREASON
名称:2035
链接:http://securityreason.com/securityalert/2035