phpFoX NATIO cookie permissions and access control vulnerability

Vulnerability ID: 1194845
Vulnerability type: Unknown
Published: 2006-05-27
Updated: 2006-05-27
CVE ID: CVE-2006-2631
CNNVD-ID: CNNVD-200605-497
Platform: N/A
CVSS score: 4.0
|Vulnerability sources
https://www.securityfocus.com/bid/87577
https://cxsecurity.com/issue/WLB-2006050163
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-497
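|Vulnerability details
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.
|Exploit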
phpFoX (AllVersion) Login to any Account

#Exploit found by Mx [at] hackmx.net

#Login as any user/admin/mod

#Action event only once

This exploit will allow you to action an event per login, on any account in phpFoX (All Versions).

1> Create an account on phpFox, after activating the account, login.

2> Go to edit your cookies.

3> The domain which has phpFoX installed, find the cookie "NATIO" and the value of this cookie should be the account you just created.

4> Go to edit profile in your own account, or anything in your own account, and then change the value of NATIO to the account you want to edit.

5> Save the cookie, and hit submit to submit the information you are editing.

6> The information on their page will change, but the next time you click something you will be logged out.

# www.hackmx.net

# Exploit found May 20, 2006

----------------------------
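
The weakness described above is a server that takes the account to act on from a cookie the client can edit. The PHP sketch below is an added example, not phpFoX source code: it contrasts that pattern with a cookie whose value is bound to an HMAC computed with a server-side key. The function names, key placeholder and cookie layout are assumptions; only the cookie name NATIO comes from the page.

```php
<?php
// Added illustration; all names here are hypothetical, not phpFoX code.
const COOKIE_KEY = 'REPLACE-WITH-RANDOM-SERVER-SIDE-SECRET'; // placeholder

// Weak pattern: the cookie value alone decides which account is acted on,
// so whatever the client writes into the cookie is accepted as identity.
function account_from_plain_cookie(array $cookies): ?string
{
    return $cookies['NATIO'] ?? null;
}

// Hardened pattern: issue "user|expiry|mac", where mac covers user and expiry.
function issue_signed_cookie(string $user, int $ttl, int $now): string
{
    if (strpos($user, '|') !== false) {
        throw new InvalidArgumentException('separator not allowed in user');
    }
    $payload = $user . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Returns the account name only if the MAC verifies and the cookie is fresh.
function account_from_signed_cookie(array $cookies, int $now): ?string
{
    $parts = explode('|', $cookies['NATIO'] ?? '');
    if (count($parts) !== 3) {
        return null;                              // malformed or missing
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, COOKIE_KEY);
    if (!hash_equals($expected, $mac)) {          // constant-time compare
        return null;                              // value was altered
    }
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;                              // expired
    }
    return $user;
}

// Constructed sample values, for demonstration only.
$now      = 1148688000;
$cookie   = issue_signed_cookie('alice', 3600, $now);
$tampered = 'bob' . substr($cookie, strlen('alice')); // name swapped, MAC kept

var_dump(account_from_plain_cookie(['NATIO' => 'bob']));
var_dump(account_from_signed_cookie(['NATIO' => $cookie], $now));
var_dump(account_from_signed_cookie(['NATIO' => $tampered], $now));
```

A server-side session store keyed by a random identifier achieves the same goal without placing the account name in the cookie at all.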
|Affected products
phpFox phpFox 0
|References

Source: SECUNIA
Name: 20280
Link: http://secunia.com/advisories/20280
Source: BUGTRAQ
Name: 20060523phpFoXAllVersionLoginExploit
Link: http://www.securityfocus.com/archive/1/archive/1/435001/100/0/threaded
Source: VUPEN
Name: ADV-2006-1994
Link: http://www.frsirt.com/english/advisories/2006/1994
Source: XF
Name: phpfox-cookie-security-bypass(26697)
Link: http://xforce.iss.net/xforce/xfdb/26697
Source: BUGTRAQ
Name: 20060601Re:phpFoXAllVersionLoginExploit
Link: http://www.securityfocus.com/archive/1/archive/1/435887/100/0/threaded
Source: SREASON
Name: 969
Link: http://securityreason.com/securityalert/969