Siteman 'users.MYD' 远程敏感信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1191894 漏洞类型 未知
发布时间 2007-01-30 更新时间 2007-01-30
CVE编号 CVE-2007-0594 CNNVD-ID CNNVD-200701-558
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/86641
https://cxsecurity.com/issue/WLB-2007020011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-558
|漏洞详情
Siteman2.0.x2在网根中储存敏感信息,但没有赋予足够的访问控制。远程攻击者可以借助对db/siteman/users.MYD的一个直接请求来下载包含密码文件的数据库。
|漏洞EXP
-=[--------------------ADVISORY-------------------]=-
                                              
                        Siteman 2.0.x2   
                                               
  Author: CorryL    [corryl80 (at) gmail (dot) com [email concealed]]   
-=[-----------------------------------------------]=-

-=[+] Application:    Siteman 2.0.x2
-=[+] Version:        2.0.x2
-=[+] Vendor's URL:   http://home.no.net/siteman/
-=[+] Platform:       WindowsLinuxUnix
-=[+] Bug type:       Remote Md5 Hash Disclosure Vulnerability
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:           CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:       www.x0n3-h4ck.org
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan:         irc.darksin.net #x0n3-h4ck

..::[ Descriprion ]::..

This is the home of the Siteman project, 
a content management system using the flat-file database system txtSQL for data storage.

..::[ Bug ]::..

exploiting this bug a remote attaker is able' to go up again to user name and admin password
what they are found to the first position

..::[ Proof Of Concept ]::..

http://remote-server/db/siteman/users.MYD
|受影响的产品
Siteman Siteman 2.0.x2
|参考资料

来源:BUGTRAQ
名称:20070125[x0n3-h4ck]Siteman2.0.x2RemoteMd5HashDisclosureVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/458081/100/0/threaded
来源:OSVDB
名称:33590
链接:http://osvdb.org/33590
来源:SREASON
名称:2206
链接:http://securityreason.com/securityalert/2206