CVE-2004-2019
CVSS5.0
发布时间 :2004-12-31 00:00:00
修订时间 :2016-10-17 23:04:58
NMCO    

[原文]The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.


[CNNVD]PHP-Nuke多个输入验证漏洞(CNNVD-200412-932)

        
        PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。
        PHP-Nuke多处不正确处理用户提交的数据,远程攻击者可以利用这个漏洞进行跨站脚本,路径泄露,敏感信息泄露等攻击。
        A. 路径泄露
        "WebLinks"模块对"show"变量缺少过滤,可导致路径泄露:
        http://localhost/nuke73/modules.php?name=Web_Links&l_op=viewlink&cid=1&show=foobar
        Warning: Division by zero in D:\apache_wwwroot\nuke73\modules\Web_Links\index.php on \
        line 774
        B. 多个模块对变量缺少充分过滤,可导致跨站脚本攻击,使的目标用户敏感信息泄露:
        http://localhost/nuke73/modules.php?name=News&file=article&sid=1&optionbox=[xss code \here]
        http://localhost/nuke73/modules.php?name=Statistics&op=DailyStats&year=2004&month=5&da \te=[xss code here]
        http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=[xss code \
        here]&month=05&month_l=May \
        http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month \
        =[xss code here]&month_l=May \
        http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month \
        =05&month_l=[xss code here]
        http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \
        &mode=[xss code here]&order=0&thold=0 \
        http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \
        &mode=thread&order=[xss code here]&thold=0 \
        http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \
        &mode=thread&order=&thold=[xss code here]
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:francisco_burzi:php-nuke:7.2
cpe:/a:francisco_burzi:php-nuke:6.0
cpe:/a:francisco_burzi:php-nuke:7.0
cpe:/a:francisco_burzi:php-nuke:6.6
cpe:/a:francisco_burzi:php-nuke:6.5_rc1
cpe:/a:francisco_burzi:php-nuke:7.1
cpe:/a:francisco_burzi:php-nuke:7.0_final
cpe:/a:francisco_burzi:php-nuke:6.5_rc2
cpe:/a:francisco_burzi:php-nuke:6.9
cpe:/a:francisco_burzi:php-nuke:6.5_beta1
cpe:/a:francisco_burzi:php-nuke:6.5_rc3
cpe:/a:francisco_burzi:php-nuke:6.7
cpe:/a:francisco_burzi:php-nuke:7.3
cpe:/a:francisco_burzi:php-nuke:6.5
cpe:/a:francisco_burzi:php-nuke:6.5_final

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2019
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2019
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-932
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=108482957715299&w=2
(UNKNOWN)  BUGTRAQ  20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]
http://www.securityfocus.com/bid/10367
(UNKNOWN)  BID  10367
http://www.waraxe.us/index.php?modname=sa&id=29
(UNKNOWN)  MISC  http://www.waraxe.us/index.php?modname=sa&id=29
http://xforce.iss.net/xforce/xfdb/16170
(UNKNOWN)  XF  phpnuke-show-weblink-path-disclosure(16170)

- 漏洞信息

PHP-Nuke多个输入验证漏洞
中危 未知
2004-12-31 00:00:00 2005-10-20 00:00:00
远程  
        
        PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。
        PHP-Nuke多处不正确处理用户提交的数据,远程攻击者可以利用这个漏洞进行跨站脚本,路径泄露,敏感信息泄露等攻击。
        A. 路径泄露
        "WebLinks"模块对"show"变量缺少过滤,可导致路径泄露:
        http://localhost/nuke73/modules.php?name=Web_Links&l_op=viewlink&cid=1&show=foobar
        Warning: Division by zero in D:\apache_wwwroot\nuke73\modules\Web_Links\index.php on \
        line 774
        B. 多个模块对变量缺少充分过滤,可导致跨站脚本攻击,使的目标用户敏感信息泄露:
        http://localhost/nuke73/modules.php?name=News&file=article&sid=1&optionbox=[xss code \here]
        http://localhost/nuke73/modules.php?name=Statistics&op=DailyStats&year=2004&month=5&da \te=[xss code here]
        http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=[xss code \
        here]&month=05&month_l=May \
        http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month \
        =[xss code here]&month_l=May \
        http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month \
        =05&month_l=[xss code here]
        http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \
        &mode=[xss code here]&order=0&thold=0 \
        http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \
        &mode=thread&order=[xss code here]&thold=0 \
        http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \
        &mode=thread&order=&thold=[xss code here]
        

- 公告与补丁

        厂商补丁:
        Francisco Burzi
        ---------------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.phpnuke.org

- 漏洞信息

6223
PHP-Nuke Web_Links Module Full Path Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

PHPNuke contains a flaw in its Web_Links module that may lead to an unauthorized information disclosure.  The issue is triggered when a specially crafted URL is received, which will disclose the installation path of the script resulting in a loss of confidentiality.

- 时间线

2004-05-17 Unknow
2004-05-17 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站