mAlbum Default Account Privilege Escalation Vulnerability

Vulnerability ID 1191644    Vulnerability type Permissions, privileges and access control
Published 2007-02-21    Updated 2007-02-21
CVE ID CVE-2007-1045    CNNVD ID CNNVD-200702-355
Platform N/A    CVSS score 10.0
|Vulnerability sources
https://www.securityfocus.com/bid/86598
https://cxsecurity.com/issue/WLB-2007020075
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200702-355
|Vulnerability details
mAlbum 0.3 ships with default accounts: (1) "login"/"pass" for its administrator account and (2) "dqsfg"/"sdfg" for an ordinary user. Because the credentials are fixed and published, a remote attacker who can reach the login page can authenticate as the administrator and gain full privileges. An installation is affected as long as the shipped users file still contains these entries; changing or removing them after installation removes the exposure.
|Exploit
* mAlbum v0.3
 admin by default user/pass

* By : sn0oPy

* Risk : high

* exploit :

at http://www.target.ma/malbum/index.php (when private images)

Login : login
Password : pass

after login, you can create new admin accounts, delete them, ...

Dork :

inurl:"malbum/"

* Default user/pass present here : ...malbumphotosusers.php

<?php
$users = $admins = array();
$users['dqsfg'] = array('PASSWORD' => 'sdfg');
$admins['login'] = array(
    'PASSWORD' => 'pass',
    'DELETE_PHOTO',
    'COMMENT_PHOTO',
    'COMMENT_ALBUM',
    'MANAGE_USER',
    'MANAGE_ADMIN',
);
?>

* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]

* greetz : [subzero], http://forums.avenir-geopolitique.net.

* Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2677
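The quoted users file stores both shipped accounts with plaintext passwords, so an administrator can verify exposure offline by inspecting that file rather than by logging in. The following audit script is an added example written for this page; it is not code from mAlbum or from the advisory author. It assumes the file has the array shape quoted above (the page does not give the file's full path, so the sample contents are constructed inline), takes the two credential pairs from CVE-2007-1045, and treats a 32-hex or crypt-style value as a hashed password and anything else as plaintext, which is a heuristic of this example, not an mAlbum convention.

```python
"""Audit an mAlbum-style users file for the default accounts from CVE-2007-1045."""
import hashlib
import re

# Assumption of this example: a non-default admin whose password was replaced by an MD5 hash.
HASHED_EXAMPLE = hashlib.md5(b"changed-on-install").hexdigest()

# Constructed sample: a users file shaped like the one quoted in the advisory,
# plus one extra admin account that is neither default nor plaintext.
SAMPLE_USERS_PHP = f"""<?php
$users = $admins = array();
$users['dqsfg'] = array('PASSWORD' => 'sdfg');
$admins['login'] = array(
    'PASSWORD' => 'pass',
    'DELETE_PHOTO',
    'COMMENT_PHOTO',
    'COMMENT_ALBUM',
    'MANAGE_USER',
    'MANAGE_ADMIN',
);
$admins['alice'] = array(
    'PASSWORD' => '{HASHED_EXAMPLE}',
    'MANAGE_USER',
);
?>
"""

# The two shipped accounts named in CVE-2007-1045 (user => password).
DEFAULT_CREDENTIALS = {"login": "pass", "dqsfg": "sdfg"}

# Matches  $users['name'] = array('PASSWORD' => 'secret', ...  and the $admins variant.
ENTRY_RE = re.compile(
    r"\$(?P<role>users|admins)\['(?P<user>[^']+)'\]\s*=\s*array\(\s*"
    r"'PASSWORD'\s*=>\s*'(?P<password>[^']*)'"
)


def parse_accounts(src):
    """Return (role, user, password) tuples for every account entry in the file."""
    return [
        (m.group("role"), m.group("user"), m.group("password"))
        for m in ENTRY_RE.finditer(src)
    ]


def looks_hashed(value):
    """Heuristic (assumption): 32 hex chars (MD5) or a $id$... crypt string is a hash."""
    return bool(re.fullmatch(r"[0-9a-f]{32}", value) or re.fullmatch(r"\$[^$]+\$.+", value))


def audit(src):
    """Return findings as (kind, role, user); an empty list means nothing to fix."""
    findings = []
    for role, user, password in parse_accounts(src):
        if DEFAULT_CREDENTIALS.get(user) == password:
            findings.append(("default-credential", role, user))
        if not looks_hashed(password):
            findings.append(("plaintext-password", role, user))
    return findings


def is_vulnerable(src):
    """True when any shipped default account is still present with its default password."""
    return any(kind == "default-credential" for kind, _, _ in audit(src))


if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS_PHP):
        print("%-19s %-7s %s" % finding)
```

Run it against the real users file by reading the file into a string and passing it to `audit`; a `default-credential` finding means the installation is still open to the exploit above, and `plaintext-password` findings remain even after the defaults are changed, since mAlbum 0.3 as quoted stores passwords in the clear.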
|References

Source: XF
Name: malbum-default-admin-account(32562)
Link: http://xforce.iss.net/xforce/xfdb/32562
Source: BUGTRAQ
Name: 20070217 mAlbum v0.3 admin by default user/pass
Link: http://www.securityfocus.com/archive/1/archive/1/460402/100/0/threaded
Source: OSVDB
Name: 33740
Link: http://osvdb.org/33740
Source: MISC
Link: http://forums.avenir-geopolitique.net/viewtopic.php?t=2677
Source: SREASON
Name: 2272
Link: http://securityreason.com/securityalert/2272