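PVote Poll Content Modification Vulnerability
Published: 2002-04-23
Updated: 2002-04-23
Severity: Medium
Threat level: Other
Error type: Input validation error
Exploitation method: Server mode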
BUGTRAQ ID:4540
Affected systems:
PVote PVote 1.0 b
- Apache Software Foundation Apache 1.3.18
- Apache Software Foundation Apache 1.3.18 win32
- Apache Software Foundation Apache 1.3.19
- Apache Software Foundation Apache 1.3.19 win32
- Apache Software Foundation Apache 1.3.20
- Apache Software Foundation Apache 1.3.20 win32
- Apache Software Foundation Apache 1.3.22
- Apache Software Foundation Apache 1.3.22 win32
- Apache Software Foundation Apache 1.3.23
- Apache Software Foundation Apache 1.3.23 win32
- Apache Software Foundation Apache 1.3.24
- Apache Software Foundation Apache 1.3.24 win32
PVote PVote 1.0 a
- Apache Software Foundation Apache 1.3.18
- Apache Software Foundation Apache 1.3.18 win32
- Apache Software Foundation Apache 1.3.19
- Apache Software Foundation Apache 1.3.19 win32
- Apache Software Foundation Apache 1.3.20
- Apache Software Foundation Apache 1.3.20 win32
- Apache Software Foundation Apache 1.3.22
- Apache Software Foundation Apache 1.3.22 win32
- Apache Software Foundation Apache 1.3.23
- Apache Software Foundation Apache 1.3.23 win32
- Apache Software Foundation Apache 1.3.24
- Apache Software Foundation Apache 1.3.24 win32
PVote PVote 1.0
- Apache Software Foundation Apache 1.3.18
- Apache Software Foundation Apache 1.3.18 win32
- Apache Software Foundation Apache 1.3.19
- Apache Software Foundation Apache 1.3.19 win32
- Apache Software Foundation Apache 1.3.20
- Apache Software Foundation Apache 1.3.20 win32
- Apache Software Foundation Apache 1.3.22
- Apache Software Foundation Apache 1.3.22 win32
- Apache Software Foundation Apache 1.3.23
- Apache Software Foundation Apache 1.3.23 win32
- Apache Software Foundation Apache 1.3.24
- Apache Software Foundation Apache 1.3.24 win32
PVote PVote 1.5
- Apache Software Foundation Apache 1.3.18
- Apache Software Foundation Apache 1.3.18 win32
- Apache Software Foundation Apache 1.3.19
- Apache Software Foundation Apache 1.3.19 win32
- Apache Software Foundation Apache 1.3.20
- Apache Software Foundation Apache 1.3.20 win32
- Apache Software Foundation Apache 1.3.22
- Apache Software Foundation Apache 1.3.22 win32
- Apache Software Foundation Apache 1.3.23
- Apache Software Foundation Apache 1.3.23 win32
- Apache Software Foundation Apache 1.3.24
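- Apache Software Foundation Apache 1.3.24 win32
Description:
PVote is a web polling system written in PHP that runs on a variety of platforms.
An attacker can manipulate URL parameter values to add or delete web polls.
Test code:
Add a poll: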
http://target/pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4=bad
question is the poll topic.
Delete a poll:
http://target/pvote/del.php?pollorder=1
pollorder is the poll ID.
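For hosts that cannot be upgraded immediately, the requests described above can be found in the web server's access log. The following is an added example, not part of the original advisory or of PVote: it scans Apache access-log lines for `add.php` / `del.php` requests that carry the `question` or `pollorder` parameter and come from outside an administrator allow-list. The `/pvote/` install path, the admin address and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Script -> query parameter that marks a poll change (names taken from the advisory).
SENSITIVE = {"add.php": "question", "del.php": "pollorder"}
PVOTE_PATH = "/pvote/"        # assumption: install path, as in the advisory's URLs
ADMIN_HOSTS = {"192.0.2.10"}  # assumption: addresses the poll administrator uses

def find_poll_changes(lines, admin_hosts=ADMIN_HOSTS):
    """Return (host, script, value, status) for poll changes from non-admin hosts.

    Only query-string parameters are visible in an access log, so this covers
    the GET form of the request shown in the advisory.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        host, user, _method, target, status = m.groups()
        url = urlsplit(target)
        if PVOTE_PATH not in url.path.lower():
            continue
        script = url.path.rsplit("/", 1)[-1].lower()
        param = SENSITIVE.get(script)
        query = parse_qs(url.query, keep_blank_values=True)
        if param is None or param not in query:
            continue
        # No HTTP auth user and a source outside the admin list: report it.
        if user == "-" and host not in admin_hosts:
            hits.append((host, script, query[param][0], int(status)))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [23/Apr/2002:10:01:02 +0000] "GET /pvote/add.php?question=Test&o1=a&o2=b HTTP/1.0" 200 512',
    '203.0.113.7 - - [23/Apr/2002:10:01:09 +0000] "GET /pvote/del.php?pollorder=1 HTTP/1.0" 200 128',
    '192.0.2.10 - - [23/Apr/2002:10:02:00 +0000] "GET /pvote/del.php?pollorder=2 HTTP/1.0" 200 128',
    '198.51.100.4 - - [23/Apr/2002:10:03:00 +0000] "GET /pvote/index.php HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for hit in find_poll_changes(SAMPLE):
        print(hit)
```

A hit with a 2xx status means the server answered the request normally, so the poll list should be checked against a known-good copy.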
Solution:
Download the upgrade:
PVote PVote 1.0 b:
PVote Upgrade PVote 1.9
http://orbit-net.net:8001/php/pvote/pvote.zip
PVote PVote 1.0 a:
PVote Upgrade PVote 1.9
http://orbit-net.net:8001/php/pvote/pvote.zip
PVote PVote 1.0:
PVote Upgrade PVote 1.9
http://orbit-net.net:8001/php/pvote/pvote.zip
PVote PVote 1.5:
PVote Upgrade PVote 1.9
http://orbit-net.net:8001/php/pvote/pvote.zip
Related information: Daniel Nyström <exce@netwinder.nu>.
Reference: http://online.securityfocus.com/archive/1/268231
Homepage: http://orbit-net.net:8001/php/pvote/