发布时间 :2004-08-18 00:00:00
修订时间 :2017-07-10 21:31:17

[原文]The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.


        - backup_year-month-day_time.sql
        - backup_year-month-day_time.sql.gz

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20040818 Multiple vulnerabilities in PHP-FUSION
(UNKNOWN)  XF  phpfusion-database-file-access(17037)

- 漏洞信息

高危 访问验证错误
2004-08-18 00:00:00 2005-10-20 00:00:00
        - backup_year-month-day_time.sql
        - backup_year-month-day_time.sql.gz

- 公告与补丁


- 漏洞信息 (24384)

PHP-Fusion Database Backup Information Disclosure Vulnerability (EDBID:24384)
php webapps
2004-07-18 Verified
0 Ahmad Muammar
N/A [点击下载]

It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server. Authentication would not be required.

A remote attacker may exploit this vulnerability to download the full contents of the application database. The backup includes user information and password hashes. This information could then be used in further attacks against the application. Furthermore, since the database uses the MD5 hash of passwords for authentication, and the authentication cookie directly includes both the username and the MD5 password hash, an attacker would not need to bruteforce the retrieved password hashes.

Version 4.00 was reported vulnerable. Other versions are also likely affected.

This issue is being retired due to the fact that this is not a vulnerability in the application. Configuring the Web server to restrict access to sensitive files can prevent this problem.		

- 漏洞信息

PHP-Fusion Database Backup Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

PHP-Fusion contains a flaw that may lead to an unauthorized information disclosure. Attacker can download or view database backup files due to the fact that they are stored in publicly accessable directories and use predictable naming schemes in the format: "backup_year-month-day_time.sql" or "backup_year-month-day_time.sql.gz".

- 时间线

2004-08-17 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Apply proper permission on directory in which backups are stored.

- 相关参考

- 漏洞作者