PHP Grade Book 1.9.4 SQL Database Export

2012.03.24
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-200


Ogólna skala CVSS: 5/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Brak
Wpływ na dostępność: Brak

'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670) Mark Stanislav - mark.stanislav@gmail.com I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by accessing the 'Database Backup' method without restriction. Due to the way sessions are handled, an attacker can then simply pass the username and password-hash via cookies to assume the administrative role without ever knowing the clear-text version of the password. II. TESTED VERSION --------------------------------------- 1.9.4 III. PoC EXPLOIT --------------------------------------- http://localhost/phpGradeBook/admin/index.php?action=SaveSQL IV. SOLUTION --------------------------------------- Upgrade to 1.9.5 or above. V. REFERENCES --------------------------------------- http://sourceforge.net/projects/php-gradebook/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1670 VI. TIMELINE --------------------------------------- 02/29/2012 - Initial vendor disclosure 02/29/2012 - Vendor response and commitment to fix 03/01/2012 - Vendor patched and released an updated version 03/22/2012 - Public disclosure

Referencje:

http://sourceforge.net/projects/php-gradebook/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top