John Lim ADOdb Library for PHP Sensitive Information Disclosure Vulnerability

Vulnerability ID: 1193411 Vulnerability type: Unknown
Published: 2006-09-24 Updated: 2006-09-24
CVE ID: CVE-2006-4976 CNNVD-ID: CNNVD-200609-424
Platform: N/A CVSS score: 5.0
|Vulnerability source
https://www.securityfocus.com/bid/84229
https://cxsecurity.com/issue/WLB-2006090156
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-424
|Vulnerability details
The date library in the John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information through direct requests to the following files, which reveal the path in various error messages: (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict, including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/, including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb
|Exploit
Hello,

ADOdb Date Library, part of the ADOdb abstraction library Full path bugs

Discovered By : HACKERS PAL

Copyright : HACKERS PAL

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net

ADOdb Date Library, part of the ADOdb abstraction library

Full path

adodb/server.php

adodb/adodb-errorpear.inc.php

adodb/adodb-iterator.inc.php

adodb/adodb-pear.inc.php

adodb/adodb-perf.inc.php

adodb/adodb-xmlschema.inc.php

adodb/adodb.inc.php

adodb/datadict/datadict-access.inc.php

adodb/datadict/datadict-db2.inc.php

adodb/datadict/datadict-generic.inc.php

adodb/datadict/datadict-ibase.inc.php

adodb/datadict/datadict-informix.inc.php

adodb/datadict/datadict-mssql.inc.php

adodb/datadict/datadict-mysql.inc.php

adodb/datadict/datadict-oci8.inc.php

adodb/datadict/datadict-postgres.inc.php

adodb/datadict/datadict-sybase.inc.php

adodb/drivers/adodb-access.inc.php

adodb/drivers/adodb-ado.inc.php

adodb/drivers/adodb-ado_access.inc.php

adodb/drivers/adodb-ado_mssql.inc.php

adodb/drivers/adodb-borland_ibase.inc.php

adodb/drivers/adodb-csv.inc.php

adodb/drivers/adodb-db2.inc.php

adodb/drivers/adodb-fbsql.inc.php

adodb/drivers/adodb-firebird.inc.php

adodb/drivers/adodb-ibase.inc.php

adodb/drivers/adodb-informix.inc.php

adodb/drivers/adodb-informix72.inc.php

adodb/drivers/adodb-mssql.inc.php

adodb/drivers/adodb-mssqlpo.inc.php

adodb/drivers/adodb-mysql.inc.php

adodb/drivers/adodb-mysqli.inc.php

adodb/drivers/adodb-mysqlt.inc.php

adodb/drivers/adodb-oci8.inc.php

adodb/drivers/adodb-oci805.inc.php

adodb/drivers/adodb-oci8po.inc.php

adodb/drivers/adodb-odbc.inc.php

adodb/drivers/adodb-odbc_mssql.inc.php

adodb/drivers/adodb-odbc_oracle.inc.php

adodb/drivers/adodb-oracle.inc.php

adodb/drivers/adodb-postgres64.inc.php

adodb/drivers/adodb-postgres7.inc.php

adodb/drivers/adodb-proxy.inc.php

adodb/drivers/adodb-sapdb.inc.php

adodb/drivers/adodb-sqlanywhere.inc.php

adodb/drivers/adodb-sqlite.inc.php

adodb/drivers/adodb-sybase.inc.php

adodb/drivers/adodb-vfp.inc.php

adodb/perf/perf-db2.inc.php

adodb/perf/perf-informix.inc.php

adodb/perf/perf-mssql.inc.php

adodb/perf/perf-mysql.inc.php

adodb/perf/perf-oci8.inc.php

adodb/perf/perf-postgres.inc.php

adodb/tests/benchmark.php

adodb/tests/client.php

adodb/tests/test-datadict.php

adodb/tests/test-perf.php

adodb/tests/test-pgblob.php

adodb/tests/test-php5.php

adodb/tests/test-xmlschema.php

adodb/tests/test.php

adodb/tests/test2.php

adodb/tests/test3.php

adodb/tests/test4.php

adodb/tests/test5.php

adodb/tests/test_rs_array.php

adodb/tests/testcache.php

adodb/tests/testdatabases.inc.php

adodb/tests/testgenid.php

adodb/tests/testmssql.php

adodb/tests/testoci8.php

adodb/tests/testoci8cursor.php

adodb/tests/testpaging.php

adodb/tests/testpear.php

adodb/tests/testsessions.php

adodb/tests/time.php

adodb/tests/tmssql.php?do=tmssql

adodb/tests/tmssql.php?do=tpear

adodb/tests/tmssql.php?do=tadodb
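
For defenders, one way to check web server access logs for direct requests to the ADOdb files listed above. This is an added example, not part of the original advisory or post; the log format (common/combined), the `/lib/` URL prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/combined access-log prefix: client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# File locations named in the advisory, relative to an adodb/ directory.
RULES = [
    ("tests", re.compile(r"/adodb/tests/[^/]+\.php$")),
    ("include", re.compile(r"/adodb/(?:(?:datadict|drivers|perf)/)?[^/]+\.inc\.php$")),
    ("server", re.compile(r"/adodb/server\.php$")),
]

def classify(target):
    """Return the name of the rule a request target matches, or None."""
    # Drop the query string, decode %XX escapes, fold case and slashes so
    # trivially re-encoded requests still match.
    path = unquote(urlsplit(target).path).lower()
    path = re.sub(r"/{2,}", "/", path)
    for name, rx in RULES:
        if rx.search(path):
            return name
    return None

def scan(lines):
    """Return (client, target, status, rule) for direct hits on ADOdb internals."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, _method, target, status = m.groups()
        rule = classify(target)
        if rule:
            hits.append((client, target, int(status), rule))
    return hits

# Constructed sample log lines (documentation-range addresses, made-up /lib/ prefix).
SAMPLE = [
    '203.0.113.7 - - [14/Sep/2006:10:01:02 +0000] "GET /lib/adodb/drivers/adodb-mysql.inc.php HTTP/1.1" 200 412',
    '203.0.113.7 - - [14/Sep/2006:10:01:03 +0000] "GET /lib/adodb/tests/tmssql.php?do=tpear HTTP/1.1" 200 958',
    '198.51.100.4 - - [14/Sep/2006:10:02:10 +0000] "GET /lib/ADOdb/adodb%2Einc.php HTTP/1.1" 403 199',
    '198.51.100.9 - - [14/Sep/2006:10:03:00 +0000] "GET /index.php?page=adodb HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with status 200 means the file was served directly, so its response is worth checking for error text that contains filesystem paths.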
|Affected products
John Lim Adodb Date Library 0
|References

Source: BUGTRAQ
Name: 20060914 ADOdb Date Library Full path Bugs
Link: http://www.securityfocus.com/archive/1/archive/1/445995/100/100/threaded
Source: SREASON
Name: 1629
Link: http://securityreason.com/securityalert/1629