Plunet BusinessManager 'pagesUTF8/Sys_DirAnzeige.jsp and pagesUTF8/auftrag_job.jsp' Sensitive Information Disclosure Vulnerability

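Vulnerability ID: 1117209
Vulnerability type: Permissions, privileges, and access control
Published: 2009-01-07
Updated: 2009-02-23
CVE ID: CVE-2009-0700
CNNVD-ID: CNNVD-200902-516
Platform: JSP
CVSS score: 4.0
|Vulnerability source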
https://www.exploit-db.com/exploits/32710
https://www.securityfocus.com/bid/79607
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-516
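|Vulnerability details
Plunet BusinessManager 4.1 and earlier versions allow remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp.
|Vulnerability EXP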
source: http://www.securityfocus.com/bid/33153/info
  
Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
  
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, or perform unauthorized actions as another user; other attacks may also be possible.
  
Versions prior to BusinessManager 4.2 are vulnerable.

http://www.example.com/pagesUTF8/auftrag_job.jsp?OSG05=1944&anchor=AJob31944 surf jobs
|Affected products
Plunet Business Manager 4.1
|References

Source: XF
Name: businessmanager-multiple-security-bypass(47794)
Link: http://xforce.iss.net/xforce/xfdb/47794
Source: BID
Name: 33153
Link: http://www.securityfocus.com/bid/33153
Source: MISC
Link: http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt
Source: BUGTRAQ
Name: 20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting
Link: http://archives.neohapsis.com/archives/bugtraq/2009-01/0054.html
Source: BUGTRAQ
Name: 20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting
Link: http://archives.neohapsis.com/archives/bugtraq/2009-01/0032.html