ScriptsCenter ezUpload Pro Multiple Unauthorized Access Vulnerabilities

Vulnerability ID: 1193946 | Vulnerability type: Input validation
Published: 2006-07-31 | Updated: 2006-08-02
CVE ID: CVE-2006-3939 | CNNVD-ID: CNNVD-200607-523
Affected platform: N/A | CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006080014
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-523
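|Vulnerability details
ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform unauthenticated administrative actions via (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the protection method; (3) edituser.php, which permits adding upload capability to user accounts; (4) settings.php, which permits changing administrative information; and (5) index.php, which permits uploading arbitrary files.
|Exploit (EXP)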
I don't know whether anyone has reported this, but I detected it when testing EzUpload Pro 2.2.0.

An attacker can reconfigure the EzUpload system without logging in.

File: filter.php --> change the Extensions Mode file type.

File: access.php --> change the Protection Method to accept file uploads from anyone

File: edituser.php --> Add a user who can upload

File: settings.php --> Change admin information

File: index.php --> Upload a file without login even when the system requires login

Check it and have fun
|References

Source: BID
Name: 19175
Link: http://www.securityfocus.com/bid/19175
Source: BUGTRAQ
Name: 20060726 EzUpload multi file vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/441172/100/0/threaded
Source: SREASON
Name: 1305
Link: http://securityreason.com/securityalert/1305