2532gigs root directory permission and access control vulnerability

Vulnerability ID: 1115032    Vulnerability type: Permission and access control
Published: 2008-04-18    Updated: 2009-02-19
CVE ID: CVE-2008-6199    CNNVD ID: CNNVD-200902-431
Platform: PHP    CVSS score: 4.0
|Vulnerability sources
https://www.exploit-db.com/exploits/5465
https://www.securityfocus.com/bid/84537
https://cxsecurity.com/issue/WLB-2009020232
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-431
|Vulnerability details
2532Gigs by 2532designs is a PHP/MySQL-based gig management tool designed for users of music websites. Web users can add, edit and delete shows and artists through the control panel. 2532Gigs 1.2.2 and earlier versions have a permission and access control vulnerability in the root directory. A remote attacker can trigger a backup by sending a direct request to backup.php; the request creates a file, backup.sql, in the web root that contains access control information, which lets the attacker obtain sensitive information.
|Vulnerability EXP
--==+================================================================================+==--
--==+          2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download          +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 18 April 2008
Script Download: http://www.2532gigs.com/?download=2532Gigs_stable
DORK: N/A

Vendor Has Not Been Notified!


DESCRIPTION: 
2532|Gigs does not validate a user in "backup.php"; this means any user can visit and backup.
Of course some GET variables are being used, but that's all.

Running the below URL/path on a server that is running 2532|Gigs will make a backup of the database
and save it to "http://site.com/2532gigs/backup.sql"


Vulnerability:
http://site.com/2532gigs/backup.php?export=1


NOTE/TIP: 
You must be logged in to an ordinary user account for this to work!


GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



--==+================================================================================+==--
--==+          2532|Gigs <= 1.2.2 Arbitrary Remote Database Backup/Download          +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-18]
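The defect the details section and the advisory describe is a backup endpoint that checks only that some session exists, then writes the database dump to a fixed, web-reachable path. The following PHP is an added illustration, not the 2532|Gigs source: it shows that vulnerable shape next to a hardened one that requires an administrator role, writes the dump outside the document root under an unguessable name with owner-only permissions, streams it to the requester once, and removes it. The session keys (`user_id`, `role`), the `$privateDir` parameter and the generic MySQL `dump_tables` helper are assumptions made for the example.

```php
<?php
// Added example, not the project's code. Assumes a MySQL PDO connection and a
// session that stores 'user_id' and 'role' (both hypothetical names).
declare(strict_types=1);

session_start();

// --- Vulnerable shape (what the advisory describes) -------------------------
// Any logged-in account passes the check, and the dump lands inside the
// document root, so it is readable by anyone who knows the path.
function backup_vulnerable(PDO $db): string
{
    if (empty($_SESSION['user_id'])) {          // ordinary user is enough
        http_response_code(403);
        exit('login required');
    }
    $out = __DIR__ . '/backup.sql';              // e.g. /2532gigs/backup.sql, web-reachable
    file_put_contents($out, dump_tables($db));
    return $out;
}

// --- Hardened shape ---------------------------------------------------------
// 1. require an administrator, not merely a session
// 2. refuse to write anywhere under the document root
// 3. random file name, owner-only permissions, delivered once and deleted
function backup_hardened(PDO $db, string $privateDir): void
{
    if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
        http_response_code(403);
        exit('administrator privileges required');
    }
    $real = realpath($privateDir);
    $docRoot = realpath($_SERVER['DOCUMENT_ROOT'] ?? '') ?: '';
    if ($real === false || !is_dir($real) || ($docRoot !== '' && str_starts_with($real, $docRoot))) {
        throw new RuntimeException('backup directory must exist and lie outside the web root');
    }

    $path = $real . '/backup-' . bin2hex(random_bytes(16)) . '.sql'; // unguessable per request
    $oldMask = umask(0077);                      // file is created owner-readable only
    file_put_contents($path, dump_tables($db));
    umask($oldMask);

    header('Content-Type: application/sql');
    header('Content-Disposition: attachment; filename="backup.sql"');
    header('Cache-Control: no-store');
    readfile($path);
    unlink($path);                               // nothing is left on disk to disclose
}

// Minimal dump helper (assumed for the example): one INSERT per row, values quoted by PDO.
function dump_tables(PDO $db): string
{
    $sql = '';
    foreach ($db->query('SHOW TABLES')->fetchAll(PDO::FETCH_COLUMN) as $table) {
        $sql .= "-- table $table\n";
        foreach ($db->query("SELECT * FROM `$table`") as $row) {
            $vals = array_map(
                fn($v) => $v === null ? 'NULL' : $db->quote((string) $v),
                array_values($row)
            );
            $sql .= "INSERT INTO `$table` VALUES (" . implode(', ', $vals) . ");\n";
        }
    }
    return $sql;
}
```

Even with the hardened handler, an administrator action that produces a full database dump belongs behind CSRF protection and a POST request rather than a bare `?export=1` GET, and web-server logs showing requests to backup.php from non-administrative accounts, or a `backup.sql` appearing under the web root, are the signals a defender would look for on an installation of an affected version.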
|Affected products
2532Gigs 2532Gigs 1.2.2
2532Gigs 2532Gigs 1.2.1
|References

Source: XF
Name: 2532gigs-backup-information-disclosure(41912)
Link: http://xforce.iss.net/xforce/xfdb/41912
Source: MILW0RM
Name: 5465
Link: http://www.milw0rm.com/exploits/5465