CVE-2006-0843
CVSS5.0
发布时间 :2006-02-21 21:02:00
修订时间 :2008-09-05 17:00:22
NMCOP    

[原文]Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password.


[CNNVD]Leif M. Wright Blog信息泄露漏洞(CNNVD-200602-324)

        Leif M. Wright's Blog 3.5在没有足够访问控制的web root中存储配置文件和其他txt文件,从而使得远程攻击者可以读取管理员密码。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0843
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0843
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200602-324
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/16712
(UNKNOWN)  BID  16712
http://www.evuln.com/vulns/82/summary.html
(VENDOR_ADVISORY)  MISC  http://www.evuln.com/vulns/82/summary.html
http://secunia.com/advisories/18923
(VENDOR_ADVISORY)  SECUNIA  18923
http://xforce.iss.net/xforce/xfdb/24752
(UNKNOWN)  XF  webblog-txt-obtain-information(24752)
http://securityreason.com/securityalert/522
(UNKNOWN)  SREASON  522

- 漏洞信息

Leif M. Wright Blog信息泄露漏洞
中危 设计错误
2006-02-21 00:00:00 2006-02-22 00:00:00
远程  
        Leif M. Wright's Blog 3.5在没有足够访问控制的web root中存储配置文件和其他txt文件,从而使得远程攻击者可以读取管理员密码。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本。

- 漏洞信息 (F44315)

EV0082.txt (PacketStormID:F44315)
2006-03-03 00:00:00
Aliaksandr Hartsuyeu  evuln.com
exploit,code execution,xss,info disclosure
CVE-2006-0843,CVE-2006-0844,CVE-2006-0845
[点击下载]

Leif M. Wright's Blog version 3.5 is susceptible to information disclosure, authentication bypass, code execution, and cross site scripting flaws. Exploit details provided.

New eVuln Advisory:
Leif M. Wright's Blog Multiple Vulnerabilities
http://evuln.com/vulns/82/summary.html

--------------------Summary----------------
eVuln ID: EV0082
CVE: CVE-2006-0843 CVE-2006-0844 CVE-2006-0845 CVE-2006
Software: Leif M. Wright's Blog
Sowtware's Web Site: http://leifwright.com/scripts/
Versions: 3.5
Critical Level: Dangerous
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
1. Sensitive Information Disclosure and Authentication Bypass

All "txt" files isn't protected by htaccess(or any other ways) in default installiation. This can be used to retrieve administrator's password from config file.


2. Cookie Authentication Bypass

"blog.cgi" script dont make password comparisson when identifying administrator by cookie.


3. Shell Command Execution

Administrator has an ability to edit blog configuration including full path to sendmail program. This can be used to execute arbitrary shell commands.

System access is possible.


4. 'Referer' and 'User-Agent' Cross-Site Scripting

Environment variables HTTP_REFERER and HTTP_USER_AGENT are not properly sanitized. This can be used to post HTTP query with fake Referer or User-Agent values which may contain arbitrary html or script code. This code will be executed when administrator will open "Log" page.


--------------Exploit----------------------
Available at: http://evuln.com/vulns/82/exploit.html

1. Sensitive Information Disclosure and Authentication Bypass

Url example:
http://[host]/cgi-bin/blog/blogconfig.txt


2. Cookie Authentication Bypass

Cookie: blogAdmin=true


3. Shell Command Execution

Sendmail: /bin/ls


4. 'Referer' and 'User-Agent' Cross-Site Scripting


GET /cgi-bin/blog/blog.cgi HTTP/1.0
Host: [host]
Referer: [XSS]
User-Agent: [XSS]
Content-Type: application/x-www-form-urlencoded
Content-Length: 93

file=15-13.59.39.txt&year=2006&month=February&name=zz&comment=zzz&submit=Enter% 20my%20comment
	


--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)


Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.
    

- 漏洞信息

23272
Leif M. Wright's Blog Config File Admin Password Remote Disclosure
Remote / Network Access

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-02-15 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站