
PVote Unauthorized Administrator Password Change Vulnerability


Published: 2002-04-23
Updated: 2002-04-23
Severity:
Threat level: control of the application system
Error type: input validation error
Exploitation mode: server mode

BUGTRAQ ID:4541

Affected systems
PVote PVote 1.0 b
   - Apache Software Foundation Apache 1.3.18
   - Apache Software Foundation Apache 1.3.18 win32
   - Apache Software Foundation Apache 1.3.19
   - Apache Software Foundation Apache 1.3.19 win32
   - Apache Software Foundation Apache 1.3.20
   - Apache Software Foundation Apache 1.3.20 win32
   - Apache Software Foundation Apache 1.3.22
   - Apache Software Foundation Apache 1.3.22 win32
   - Apache Software Foundation Apache 1.3.23
   - Apache Software Foundation Apache 1.3.23 win32
   - Apache Software Foundation Apache 1.3.24
   - Apache Software Foundation Apache 1.3.24 win32
PVote PVote 1.0 a
   - Apache Software Foundation Apache 1.3.18
   - Apache Software Foundation Apache 1.3.18 win32
   - Apache Software Foundation Apache 1.3.19
   - Apache Software Foundation Apache 1.3.19 win32
   - Apache Software Foundation Apache 1.3.20
   - Apache Software Foundation Apache 1.3.20 win32
   - Apache Software Foundation Apache 1.3.22
   - Apache Software Foundation Apache 1.3.22 win32
   - Apache Software Foundation Apache 1.3.23
   - Apache Software Foundation Apache 1.3.23 win32
   - Apache Software Foundation Apache 1.3.24
   - Apache Software Foundation Apache 1.3.24 win32
PVote PVote 1.0
   - Apache Software Foundation Apache 1.3.18
   - Apache Software Foundation Apache 1.3.18 win32
   - Apache Software Foundation Apache 1.3.19
   - Apache Software Foundation Apache 1.3.19 win32
   - Apache Software Foundation Apache 1.3.20
   - Apache Software Foundation Apache 1.3.20 win32
   - Apache Software Foundation Apache 1.3.22
   - Apache Software Foundation Apache 1.3.22 win32
   - Apache Software Foundation Apache 1.3.23
   - Apache Software Foundation Apache 1.3.23 win32
   - Apache Software Foundation Apache 1.3.24
   - Apache Software Foundation Apache 1.3.24 win32
PVote PVote 1.5
   - Apache Software Foundation Apache 1.3.18
   - Apache Software Foundation Apache 1.3.18 win32
   - Apache Software Foundation Apache 1.3.19
   - Apache Software Foundation Apache 1.3.19 win32
   - Apache Software Foundation Apache 1.3.20
   - Apache Software Foundation Apache 1.3.20 win32
   - Apache Software Foundation Apache 1.3.22
   - Apache Software Foundation Apache 1.3.22 win32
   - Apache Software Foundation Apache 1.3.23
   - Apache Software Foundation Apache 1.3.23 win32
   - Apache Software Foundation Apache 1.3.24
   - Apache Software Foundation Apache 1.3.24 win32
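Description
PVote is a web voting system written in PHP that runs on a variety of platforms.

An attacker can submit a request containing special values in the URL parameters, which allows the administrator password to be changed without authentication.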

Test code
http://target/pvote/ch_info.php?newpass=password&confirm=password
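
A log check for the request shape above, as an added example that is not part of the original advisory or of PVote: it scans Apache access-log lines for requests to ch_info.php that carry newpass or confirm in the query string. The log format (Apache common log format), the function name and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
SCRIPT = "ch_info.php"            # script named in the advisory
PARAMS = {"newpass", "confirm"}   # URL parameters named in the advisory

def find_password_change_requests(lines):
    """Return one dict per log line that requests ch_info.php with newpass/confirm in the URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        # Case-insensitive compare: the affected list includes win32 builds,
        # where file names are case-insensitive.
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        # parse_qs percent-decodes names, so an encoded "newpass" is still recognised.
        names = {n.lower() for n in parse_qs(url.query, keep_blank_values=True)}
        matched = sorted(names & PARAMS)
        if matched:
            hits.append({"host": m["host"], "time": m["time"],
                         "status": int(m["status"]), "params": matched})
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Apr/2002:10:01:02 +0800] "GET /pvote/index.php HTTP/1.0" 200 5120',
    '198.51.100.7 - - [23/Apr/2002:10:05:44 +0800] "GET /pvote/ch_info.php?newpass=x&confirm=x HTTP/1.0" 200 312',
    '198.51.100.7 - - [23/Apr/2002:10:06:01 +0800] "GET /pvote/CH_INFO.PHP?new%70ass=y&confirm=y HTTP/1.0" 200 312',
    '192.0.2.10 - - [23/Apr/2002:10:07:30 +0800] "GET /pvote/ch_info.php HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for hit in find_password_change_requests(SAMPLE_LOG):
        print(hit)
```

Any hit on an installation older than the upgraded version is a reason to reset the administrator password after upgrading.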

Solution
Download the upgrade:

PVote PVote 1.0 b:

PVote Upgrade PVote 1.9
http://orbit-net.net:8001/php/pvote/pvote.zip

PVote PVote 1.0 a:

PVote Upgrade PVote 1.9
http://orbit-net.net:8001/php/pvote/pvote.zip

PVote PVote 1.0:

PVote Upgrade PVote 1.9
http://orbit-net.net:8001/php/pvote/pvote.zip

PVote PVote 1.5:

PVote Upgrade PVote 1.9
http://orbit-net.net:8001/php/pvote/pvote.zip

Related information
Daniel Nyström <exce@netwinder.nu>.
Reference: http://online.securityfocus.com/archive/1/268231
Related homepage: http://orbit-net.net:8001/php/pvote/