phpwind所有版本
phpwind管理权限泄露漏洞
SEBUG-ID:3361
SEBUG-Appdir:PHPWind
Published:2008-06-01
Vulnerable:
Discription:
phpwind是国内使用非常广泛的一款程序,由于在程序设计上存在错误,导致任何人可以取得前台管理员及斑主权限,做删除帖子等任意操作 由于phpwind论坛在设计上对数据库存储机制不了解,导致在程序逻辑上判断有问题,用精心构造的数据注册用户即可获得管理权限
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
http://www.sebug.net/exploit/3639
SEBUG Solution:
// sebug.net [2008-06-01]