RakhiSoft Price Comparison Script PHPSESSID Cookie Sensitive Information Disclosure Vulnerability

Vulnerability ID: 1116845
Vulnerability type: Information disclosure
Published: 2008-11-28
Updated: 2009-02-26
CVE ID: CVE-2008-6279
CNNVD-ID: CNNVD-200902-572
Platform: PHP
CVSS score: 7.8
|Vulnerability source
https://www.exploit-db.com/exploits/32608
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-572
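|Vulnerability details
Price Comparison Script is an online shopping cart script. Rakhi Software Price Comparison Script (also known as Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.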
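
One way to close this kind of path disclosure in a PHP application, shown as an added example that is not code from the vendor or from the original advisory. The function names `is_valid_session_id` and `start_session_safely` and the 128-character limit are assumptions; the example assumes cookie-based sessions with PHP's built-in session handling.

```php
<?php
// Added example (hypothetical helper names): hardened session bootstrap.

// Keep PHP warnings out of the HTTP response; write them to the log instead.
// An on-page warning is what exposes the installation path.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * True when the value contains only characters PHP accepts in a session ID
 * (a-z, A-Z, 0-9, '-' and ',') and has a bounded length (assumed limit: 128).
 */
function is_valid_session_id(string $id): bool
{
    return preg_match('/^[A-Za-z0-9,-]{1,128}$/D', $id) === 1;
}

/**
 * Start the session, dropping a malformed client-supplied ID first so that
 * session_start() never processes it and issues a fresh ID instead.
 */
function start_session_safely(): void
{
    $name = session_name(); // "PHPSESSID" unless reconfigured

    if (isset($_COOKIE[$name])) {
        $value = $_COOKIE[$name];
        // Reject non-string values (e.g. PHPSESSID[]=x) and illegal characters.
        if (!is_string($value) || !is_valid_session_id($value)) {
            error_log('Rejected malformed session cookie from '
                . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
            unset($_COOKIE[$name]);
        }
    }

    session_start();
}

start_session_safely();
```

Setting `display_errors = Off` in `php.ini` for production covers other warnings that would also print file paths; the rejected-cookie log line gives defenders a signal that someone is probing session handling.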
|Exploit
source: http://www.securityfocus.com/bid/32563/info
 
RakhiSoftware Shopping Cart is prone to multiple remote vulnerabilities.
 
Exploiting these issues can allow attackers to obtain sensitive information, steal cookie data, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Set Cookie: PHPSESSID='
|References

Source: BID
Name: 32563
Link: http://www.securityfocus.com/bid/32563
Source: SECUNIA
Name: 32950
Link: http://secunia.com/advisories/32950
Source: MISC
Link: http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt
Source: OSVDB
Name: 50325
Link: http://osvdb.org/50325