Lucene search
RootSSV:912HistoryDec 14, 2006 - 12:00 a.m.
SQL-Ledger验证绕过漏洞
2006-12-1400:00:00
Root
www.seebug.org
13
0.024 Low
EPSS
Percentile
88.8%
SQL-Ledger是一款开源的ERP系统。
SQL-Ledger验证机制实现存在错误,远程攻击者可以利用漏洞未授权访问应用程序。
SQL-Ledger使用的会话验证存在问题,当用户登录时,会检查密码信息,如果匹配users/members文件中的内容,那么就生成会话ID并在WEB浏览器上处理。验证所需只要简单在COOKIE中指定"sql-ledger-[username]"名和[timestamp]值,并且这个值匹配通过GET或POST操作传递的"sessionid"值。[username]是登录的用户名,[timestamp]是UNIX时间戳。
SQL-Ledger <= 2.6.17
<a href target=“_blank”>Http://www.metatrontech.com/downloads/sql-ledger-fix-CVE-2006-4244.tar.gz</a>
1)建立参考运行SQL-Ledger主机的COOKIE,/路径和sql-ledger-[username]名,及相关时间戳。
2)在浏览器上提交如下URL:
http://[hostname]/sql-ledger/menu.pl?path=bin/mozilla&action=display&level=N
ew%20Window&login=[username]&timeout=10800&sessionid=
Related
packetstorm
packetstorm
sqlledger.txt
2006-09-08 00:00:00
LedgerSMB.txt
2006-09-13 00:00:00
cve
cve
CVE-2006-4244
2006-08-31 01:04:00
ubuntucve
ubuntucve
CVE-2006-4244
2006-08-31 00:00:00
securityvulns
securityvulns
LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution
2006-09-13 00:00:00
debiancve
debiancve
CVE-2006-4244
2006-08-31 01:04:00
freebsd
freebsd
sql-ledger -- multiple vulnerabilities
2006-12-17 00:00:00
osv
osv
sql-ledger
2006-12-17 00:00:00
openvas
openvas
Debian Security Advisory DSA 1239-1 (sql-ledger)
2008-01-17 00:00:00
FreeBSD Ports: sql-ledger
2008-09-04 00:00:00
Debian: Security Advisory (DSA-1239-1)
2008-01-17 00:00:00
nessus
nessus
FreeBSD : sql-ledger -- multiple vulnerabilities (0679deeb-8eaf-11db-abc9-0003476f14d3)
2006-12-30 00:00:00
Debian DSA-1239-1 : sql-ledger - several vulnerabilities
2006-12-18 00:00:00
debian
debian
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
2006-12-17 15:21:18