来源:自学PHP网 时间:2015-04-17 14:11 作者: 阅读:次
[导读] 标题:News Script PHP v1.2 - Multiple Web Vulnerabilites影响系统7.5介绍:=============Visitors to your website will be able to read news, articles, interviews and stories which......
标题:News Script PHP v1.2 - Multiple Web Vulnerabilites
影响系统 7.5 介绍: ============= Visitors to your website will be able to read news, articles, interviews and stories which you have posted 具体介绍可以看这里:http://www.newsscriptphp.com ) 摘要: ========= News Script PHP v1.2 CMS被发现多个漏洞 技术分析: ======== 1.1 Multiple SQL Injection vulnerabilities are detected in the News Script PHP 1.2 Content Management System. The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands on the affected application dbms without user inter action. Successful exploitation of the vulnerability results in dbms & application compromise. The vulnerabilities are located in admin.php & preview.php file and bound values like orderBy & id. Vulnerable File(s): [+] preview.php [+] admin.php Vulnerable Parameter(s): [+] id [+] orderBy 1.2 Multiple non persistent cross site scripting vulnerabilities are detected in the News Script PHP 1.2 Content Management System. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required user inter action or local low privileged user account. Successful exploitation can result in account steal, phishing & client-side content request manipulation. The vulnerabilities are located in the preview.php and admin.php files and the bound values like search, ordertype, orderby & act. Vulnerable File(s): [+] preview.php [+] admin.php Vulnerable Parameter(s): [+] search [+] orderType [+] orderBy [+] act 测试证明: ================= 1.1 The sql injection vulnerabilities can be exploited without required user inter action with privileged user account. For demonstration or reproduce ... PoC: http://127.0.0.1:1338/news/preview.php?id=[SQL-INJECTION] http://www.2cto.com /news/preview.php?p=[SQL-INJECTION] http://127.0.0.1:1338/news/admin.php?act=news&orderType=[ASC/DESC]&search=&orderBy=[SQL-INJECTION] 1.2 The non persistent input validation vulnerabilities can be exploited by remote attackers with medium or high required user inter action & without privileged user account. For demonstration or reproduce ... PoC: http://127.0.0.1:1338/news/preview.php?id=`14&p=`&search=[CROSS SITE SCRIPTING] http://127.0.0.1:1338/news/admin.php?act=news&orderType=`[CROSS SITE SCRIPTING] http://www.2cto.com /news/admin.php?act=news&orderType=[CROSS SITE SCRIPTING]]&search=&orderBy=[CROSS SITE SCRIPTING] http://127.0.0.1:1338/news/preview.php?act=news&orderType=[CROSS SITE SCRIPTING] Risk: ===== 1.1 The security risk of the sql injection vulnerabilities are estimated as hard 1.2 The security risk of the input validation vulnerabilities are estiamted as low(+) VULNERABILITY RESEARCH LABORATORY TEAM Website: www.vulnerability-lab.com Mail: research@vulnerability-lab.com |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com