Vulnerability Details

Web Wiz Forum Unauthorized Private Forum Access Vulnerability

  • CNNVD ID: CNNVD-200312-150
  • Severity: Medium
  • CVE ID: CVE-2003-1176
  • Vulnerability type: access validation error
  • Published: 2003-11-04
  • Threat type: remote
  • Updated: 2006-09-22
  • Vendor: bdc_enterprises
  • Source: Alexander Antipov...

Vulnerability Description

Web Wiz Forum is a free web-based forum package from Web Wiz, a UK company. Web Wiz Forum does not properly handle malformed requests that use "quote" mode, and a remote attacker can exploit this to gain unauthorized access to private forums. In "quote" mode, Web Wiz Forum does not adequately check that the requested forum, topic and message belong together, so a remote attacker can read and post messages in private forums that they are not otherwise permitted to access.

Vulnerability Advisory

Vendor patch: Web Wiz Forums. Apply the following patch:

-- begin snip post_message_form.asp ----

'If this is a quoted message read in the message to be quoted
If strMode = "quote" Then

    'Get the number this thread is after
    intTotalNumOfThreads = Request.QueryString("NOP")

    'Get the return thread page
    intRecordPositionPageNum = Request.QueryString("TPN")

    '--- bug fix by pharaoh ----
    'Make sure the requested topic (TID) really belongs to the forum (FID)
    'whose permissions were checked; otherwise a topic from a private forum
    'could be quoted through a forum ID the user is allowed to see
    strSQL = "SELECT " & strDbTable & "Topic.Subject FROM " & strDbTable & "Topic "
    strSQL = strSQL & "WHERE " & strDbTable & "Topic.Forum_ID = " & CLng(Request.QueryString("FID"))
    strSQL = strSQL & " AND " & strDbTable & "Topic.Topic_ID = " & CLng(Request.QueryString("TID"))

    rsCommon.Open strSQL, adoCon

    'No such topic in this forum: treat it as a permission failure
    If rsCommon.EOF Then
        rsCommon.Close
        Set rsCommon = Nothing
        Set adoCon = Nothing
        Response.Redirect "insufficient_permission.asp"
    End If

    rsCommon.Close

    'Make sure the requested post (PID) really belongs to that topic (TID)
    strSQL = "SELECT " & strDbTable & "Author.Author_ID, " & strDbTable & "Author.Username, " & strDbTable & "Thread.Message "
    strSQL = strSQL & "FROM " & strDbTable & "Thread INNER JOIN " & strDbTable & "Author ON " & strDbTable & "Thread.Author_ID = " & strDbTable & "Author.Author_ID "
    strSQL = strSQL & "WHERE " & strDbTable & "Thread.Thread_ID = " & CLng(Request.QueryString("PID"))
    strSQL = strSQL & " AND " & strDbTable & "Thread.Topic_ID = " & CLng(Request.QueryString("TID"))

    rsCommon.Open strSQL, adoCon

    'No such post in this topic: treat it as a permission failure
    If rsCommon.EOF Then
        rsCommon.Close
        Set rsCommon = Nothing
        Set adoCon = Nothing
        Response.Redirect "insufficient_permission.asp"
    End If
    '--- bug fix by pharaoh ----

-- end snip post_message_form.asp ----
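The lookup pattern the patch corrects, modelled side by side as an added Python/sqlite example that is not part of the advisory or of Web Wiz Forums. The schema, the Forum.Private flag and the membership check are assumptions; what it shows is that the forum-level permission check is only meaningful when the quoted post is fetched together with the topic and forum it was checked against.

```python
import sqlite3

# Constructed sample data: forum 1 is public, forum 2 is private (assumed schema).
SCHEMA = """
CREATE TABLE Forum(Forum_ID INTEGER PRIMARY KEY, Private INTEGER);
CREATE TABLE Topic(Topic_ID INTEGER PRIMARY KEY, Forum_ID INTEGER, Subject TEXT);
CREATE TABLE Thread(Thread_ID INTEGER PRIMARY KEY, Topic_ID INTEGER, Message TEXT);
INSERT INTO Forum VALUES (1, 0), (2, 1);
INSERT INTO Topic VALUES (10, 1, 'public topic'), (20, 2, 'private topic');
INSERT INTO Thread VALUES (100, 10, 'hello world'), (200, 20, 'private post');
"""


def open_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def user_may_read_forum(con, fid, is_member):
    # Hypothetical forum-level permission check keyed on the FID parameter.
    row = con.execute("SELECT Private FROM Forum WHERE Forum_ID = ?", (fid,)).fetchone()
    return row is not None and (row[0] == 0 or is_member)


def quote_unpatched(con, fid, tid, pid, is_member):
    # Unpatched pattern: permissions are checked for FID, but the message is
    # fetched by PID alone, so PID and FID are never tied to each other.
    if not user_may_read_forum(con, fid, is_member):
        return None
    row = con.execute("SELECT Message FROM Thread WHERE Thread_ID = ?", (pid,)).fetchone()
    return row[0] if row else None


def quote_patched(con, fid, tid, pid, is_member):
    # Patched pattern (mirrors the advisory): TID must belong to FID and PID
    # must belong to TID, otherwise the request is treated as a permission failure.
    if not user_may_read_forum(con, fid, is_member):
        return None
    topic = con.execute("SELECT Subject FROM Topic WHERE Forum_ID = ? AND Topic_ID = ?",
                        (fid, tid)).fetchone()
    if topic is None:
        return None
    row = con.execute("SELECT Message FROM Thread WHERE Thread_ID = ? AND Topic_ID = ?",
                      (pid, tid)).fetchone()
    return row[0] if row else None
```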

References

  • Source: BUGTRAQ  Name: 20031104 Re: Unauthorized access in Web Wiz Forum  Link: http://www.securityfocus.com/archive/1/343314
  • Source: XF  Name: webwizforums-quotemode-message-access(13581)  Link: http://xforce.iss.net/xforce/xfdb/13581
  • Source: BID  Name: 8957  Link: http://www.securityfocus.com/bid/8957
  • Source: BUGTRAQ  Name: 20031102 Unauthorized access in Web Wiz Forum  Link: http://www.securityfocus.com/archive/1/343175
  • Source: OSVDB  Name: 2768  Link: http://www.osvdb.org/2768
  • Source: SECTRACK  Name: 1008100  Link: http://securitytracker.com/id?1008100
  • Source: SECUNIA  Name: 10137  Link: http://secunia.com/advisories/10137
  • Source: NSFOCUS  Name: 5625  Link: http://www.nsfocus.net/vulndb/5625

Patch

    None
